REVIEWED 


Conkeror I Android I Squid I Kindie 2 I indamixx I BUG 



JOURNAL 

Since 1994: The Original Magazine of the Linux Community 

JULY 2009 ISSUE 183 www.linuxjournal.com 


Hacks and 
Apps for 

the BUG 


Keeping Track 

of Multipie 
Servers 


MOBiLE LINUX 


Android 

Internals 

Hacking a 
Portable Linux 
Server 

Conquering 
Small Screens 
with Conkeror 

Syncing 
Thunderbird 
and BlackBerry 



Irhe » 

Indamixx 

1 Kindle H ; 

a Portable 

l2 Mi; 

1 

Recording Studio 























































UBiQUiTi 

NETWORKS 


"5S8gar 

^88888^ 


m 


SMilK 0U9 Cr 


AAAAAAAA AAAAJffe 

imiiiimiiiiiiimiiii • tiuuiiiiuiuiiiiimii • a. 

OMmSao * I OMmon * I 

»>MU »H-H 

aGeeVacGgi aMiiii*. -a 




OZZ90 

OTOZOZOZH, 


RouterStation 


RouterStation Pro 


Featuring a fast 680MHz MIPS 24K CPU, 64MB RAM, and 
16MB Flash; RouterStation provides a excellent horsepower 
for a variety of processor intensive multi-radio system 
applications. 


In response to the outstanding demand for our initial RouterStation 
OEM platform, Ubiquiti Networks announces the RouterStation 
Pro. Breakthrough Price/Performance with a $79 USD MSRP. 


Pro Version Enhancements: 


Up to 3 mini-PCI radios, 3 10/100 ethernet interfaces, a 5A 
power supply for multiple hi-power card support, USB 2.0, 
and enhanced temperature operating performance and 
ethernet ESD protection for carrier applications. 

MSRP $59 


• 48V 802.3af Power Over Ethernet 

• 4-Port Gigabit Ethernet Switch 

• 256MB RAM 

• On Board SDIO Support 

• On Board, USB 2.0, RS232/dB9, and DC power jacks 

MSRP $79 


Prices in USD. Ubiquiti Networks, Inc. Copyright © 2009 All Rights Reserved. 


www.ubnt.com 
















Successful websites start 


Limited Time Offer: Save 50% on select plans. Visit www.1and1.com for details. 


DOMAINS 



WEB HOSTING 


P\/pr\/thinn 


LVCiyLIMMU 

1&1 BUSINESS PACKAGE 

$QS3r 

$A.99 

per month* 
(first 6 months) 



PREMIUM SERVERS 


Designed for high performance 
websites. 







J 


1&1 BUSINESS SERVER II 

$00.99 

permonth* 
(first 6 months) 


E-COMMERCE 


Set up your online 
store and start 
selling! 



1&1 STARTER eSHOP 


54 


39 


per month* 
(first 6 months) 


*Setup fee, minimum contract term, and other terms and conditions may apply. Visit www.1and1.com for full promotional offer details. Server prices based on Linux servers. 
Private domain registration not available with .us domains. Program and pricing specifications, availability and prices subject to change without notice. 1&1 and the 
1&1 logo are trademarks of 1&1 Internet AG, all other trademarks are the property of their respective owners. © 2009 1&1 Internet, Inc. All rights reserved. 


1-877-GO-1AND1 

www.1and1.com 


united/ 

internet 































CONTENTS SS 



ariD^oiD 


FEATURES 


60 THE JAVA API TO ANDROID S TELEPHONY 
STACK 

All Android apps are created equal, but some apps are 
more equal than others. 

Alexander Sirotkin 


66 HACKING YOUR PORTABLE LINUX SERVER 

Hacking the Western Digital MyBook II. 

Federico Lucifredi 


72 THE CONKEROR WEB BROWSER CONQUERS 
SMALL SCREENS 

All the power of Firefox with an Emacs look and feel. 

David A. Harding 


ON THE COVER _ 

• Hacks and Apps for the BUG, p. 76 

^_Keegin£^ac^of_Multi2le^Jervers^, 40 

• Android Internals, p. 60 

• Hacking a Portable Linux Server, p. ( 6 

• Conquering Small Screens with Coni eror, p. 72 

• Syncing Thunderbird and BlackBerry p. 24 

• The Kindle 2, p. 50 

• Indamixx: a Portable Recording Stu'3 o, p. 56 


2 I july 2009 WWW. linuxj ournal.com 






















Your Applications Will Run Faster 

With Next Generation Microway Soiutions! 




NumberSmashei^ 

Large Memory Scalable SMP Server 

O Scales to 1 TB of Virtual 
Shared Memory 

O Up to 128 CPU Cores 

□ 8U System Includes 
32 Quad Core CPUs 

□ QDR 1 psec Backplane 




. .. ..— mx' 


■m'm' wi'si.-ji 


FasTTeeX 


□ Mellanox® InfiniScale™ IV Technology 
OQDR/DDR InfiniBand Switches 

O Modular Design 

□ 4 GB/sec Bandwidth per Port 

□ QSFP Interconnects 

O InfiniScope™ Real Time Diagnostics 


niComX 

QDR/DDR InfiniBand HCA 
ConnectX™ Technology 
1 psec Latency 
Switchless Serial Console 
NodeWatch™ Remote Management 


Mellanox® ConnectX 
InfiniBand HCA 


Teraflop GPU Computing 

For Workstations and HPC Clusters 


□ NVIDIA® Tesla™ GPU with 240 Cores on One Chip 

CUDA™ SDK 

O NVIDIA® Quadro® Professional Graphics 

□ AMD® FireStream™ GPU 

Stream SDK with Brook+ 


8051 BMC interface and 
serial console switch 


Headers to fans, voltages, 
temperatures, On/Off and reset 


RS-485/422 Daisy 
chain connectors 


InfiniBand or 
lOGigE connector 


Call the HPC Experts at Microway to Design Your Next 
High-Reliability Linux duster or infiniBand Fabric. 

508 - 746-7341 

Sign up for Microway’s 
Newsletter at 
WWW. micro way. com 




















CONTENTS 


JULY 2009 
Issue 183 


COLUMNS 

18 REUVEN M. LERNER'S 
AT THE FORGE 

Checking Your Ruby Code 
with nnetric_fu 


24 MARCEL GAGNE'S 
COOKING WITH LINUX 

Linux, Thunderbird and the 
BlackBerry—a Love Story 



Proxy, 


er 


8 

nilRRFNT KqilF TAR Ci7 

10 

LETTERS 

14 

UPFRONT 

44 

NEW PRODUCTS 

46 

NEW PROJECTS 

65 

ADVERTISERS INDEX 

79 

MARKETPLACE 


34 

DAVE TAYLOR S 

WORK THE SHELL 


Parsing Command-Line Optic 
with getopt 

36 

MICK BAUER'S 
PARANOID PENGUIN 

Building a Secure Squid Web 
Part III 

40 

KYLE RANKIN'S 

HACK AND/ 

Right Command, Wrong Serv 

80 

DOC SEARLS' 

EOF 

The Last Silos Standing 


IN bVLKY ISSUb 


REVIEWS - 

50 THE KINDLE 2 

Daniel Bartholomew 



56 INDAMIXX: AN ON-THE-i 
RECORDING STUDIO? 

Dan Sawyer 



INDEPTH 

76 BUG LABS: HACKS 
AND APRS 

Some buggy ideas for the BUG. 

Alicia Gibb 



76 THE BUG 


Next Month 


KERNEL CAPERS 

All you kernel hackers put on 
your capes and get ready for 
next month's Kernel Capers 
issue. We've got articles on the 
Completely Fair Scheduler, 
which recently replaced the 
0(1) scheduler in the standard 
kernel. For you real-time types, 
we've also got an article about 
real-time scheduling with Linux. 

If you're a security type, we've 
got something for you too. 
Learn how to make root unpriv¬ 
ileged and instead use multiple 
less-privileged users, doling out 
only the responsibilities that 
each one needs. 

Look for all that and more in 
next month's Kernel Capers 
issue—and all of them with 
more than just a kernel of truth 
to them! 


USPS LINUX JOURNAL (ISSN 1075-3583) (USPS 12854) is published monthly by Belltown Media, Inc., 2211 Norfolk, Ste 514, Houston, TX 77098 USA. Periodicals postage paid at Houston, Texas and at additional 
mailing offices. Cover price is $5.99 US. Subscription rate is $29.50/Vear in the United States, $39.50 in Canada and Mexico, $69.50 elsewhere. POSTMASTER: Please send address changes to Linux Journal, PO Box 16476, 
North Hollywood, CA 91615. Subscriptions start with the next issue. Canada Post: Publications Mail Agreement #41549519. Canada Returns to be sent to Bleuchip International, RO. Box 25542, London, ON N6C 6B2 


4 I july 2009 www.linuxjournal.com 













































































® ABERDEEN 

SERVERS AND STORAGE 


HOW MUCH STORAGE 


DO YOU HEED? 



Performance tuned storage. rpriPIPKinV expand storage to well beyond 

Up to 50TB in a single storage server. LmiilLliljT 400TB via XDAS and JBOD units. 

Reduce operating costs. 

Best TB/$ ratio. 


ABERDEEN STIRLING SCAUBLE STORAGE SERVERS 



• 2x Quad-Core Intel® Xeon® Processor 5500 
Series featuring Intel® Microarchitecture, 
codenamed Nehalem 

• Up to 96GB 1333MHz DDR3 Memory 

• Supports both SAS & SATA Storage Drives 

• RAIDO, 1,5,6,10, 50, 60 Capable 

• Redundant Power Supply 

• SAS & iSCSI Expansion Ports 

• Windows & Linux NAS Available 

• 5-Year Warranty 


3U STB Starting at . ^4,495 

4U 16TB Starting at . ^7,595 

5U 24TB Starting at . *9,995 

61132TB Starting at . * 13,495 

8U 50TB Starting at . ^ 18,595 


EXPAND CAPACITY TO OVER 400TB 




• Daisy-Chain DAS Units and JBOD 
Expansion Boxes 

• 2U, 3U, 4U Enclosures Available 

• RAIDO, 1,5, 6,10, 50, 60 Capable 

• SATA & SAS Drive Support 

• 5-Year Warranty 


16TB JBOD Expansion . *5,995 

16TB DAS. *8,995 

24TB DAS . * 12,495 


Powerful. 

Intelligent. 


Intel, Intel Logo, Intel Inside, Intel Inside Logo, Pentium, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation or Its 
subsidiaries In the United States and other countries. For terms and conditions, please see www.aberdeenlnc.com/abpoly/abterms.htm. Ij030 


888-297-7409 

www.aberdeeninc.com/ljOSO 





























































LINUX 

JOURNAL 

Since 1994: The Original Magazine of the Linux Community 

Digital Edition 
Now Available! 

Read it first 

Get the latest issue before it 
hits the newsstand 

Keyword searchable 

Find a topic or name 
in seconds 


LINUX 


JOURNAL 


Executive Editor 

Jill Franklin 
jill@linuxjournaLcom 

Senior Editor 

Doc Searls 

doc@linuxjournal.com 

Associate Editor 

Shawn Powers 
shawn@linuxjournal.com 

Associate Editor 

Mitch Frazier 
mitch@linuxjournal.com 

Art Director 

Garrick Antikajian 
garrick@linuxjournaLcom 

Products Editor 

James Gray 

newproducts@linuxjournaLcom 

Editor Emeritus 

Don Marti 

dmarti@linuxjournal.com 

Technical Editor 

Michael Baxter 
mab@cruzio.com 

Senior Columnist 

Reuven Lerner 
reuven@lerner.co.il 

Chef Fran^ais 

Marcel Gagne 
mggagne@salmar.com 

Security Editor 

Mick Bauer 
mick@visi.com 

Hack Editor 

Kyle Rankin 
lj@greenfly.net 


Contributing Editors 

David A. Bandel • Ibrahim Haddad • Robert Love • Zack Brown • Dave Phillips • Marco Fioretti 
Ludovic Marcotte • Paul Barry • Paul McKenney • Dave Taylor • Dirk Elmendorf 


Paperless archives 

Download to your computer for 
convenient offline reading 

Same great magazine 

Read each issue in 
high-quality PDF 





Proofreader Geri Gale 


Publisher Carlie Fairchild 

publisher@linuxjournal.com 

General Manager Rebecca Cassity 

rebecca@linuxjournal.com 


Sales Manager Joseph Krack 

joseph@linuxjournal.com 

Sales and Marketing Coordinator Tracy Manford 

tracy@linuxjournal.com 


Associate Publisher Mark Irgang 

mark@linuxjournal.com 


Webmistress Katherine Druckman 

webmistress@linuxjournal.com 

Accountant Candy Beauchamp 

acct@linuxjournal.com 


Linux Journal is published by, and is a registered trade name of, Belltown Media, Inc. 

PO Box 980985, Houston, TX 77098 USA 

Reader Advisory Panel 

Brad Abram Baillio • Nick Baronian • Hari Boukis • Caleb S. Cullen • Steve Case 
Kalyana Krishna Chadalavada • Keir Davis • Adam M. Dutko • Michael Eager • Nick Faltys • Ken Firestone 
Dennis Franklin Frey • Victor Gregorio • Kristian Erik • Hermansen • Philip Jacob • Jay Kruizenga 
David A. Lane • Steve Marquez • Dave McAllister • Craig Oda • Rob Orsini • Jeffrey D. Parent 
Wayne D. Powel • Shawn Powers • Mike Roberts • Draciron Smith • Chris D. Stark • Patrick Swartz 

Editorial Advisory Board 

Daniel Frye, Director, IBM Linux Technology Center 
Jon "maddog" Hall, President, Linux International 
Lawrence Lessig, Professor of Law, Stanford University 
Ransom Love, Director of Strategic Relationships, Family and Church History Department, 

Church of Jesus Christ of Latter-day Saints 
Sam Ockman 
Bruce Perens 

Bdale Garbee, Linux CTO, HP 
Danese Cooper, Open Source Diva, Intel Corporation 

Advertising 

E-MAIL: ads@linuxjournal.com 
URL: WWW. linuxjournal.com/advertising 
PHONE: -1-1 713-344-1956 ext. 2 

Subscriptions 

E-MAIL: subs@linuxjournal.com 
URL: www.linuxjournal.com/subscribe 
PHONE: -1-1 818-487-2089 
F/\X: +1 818-487-4550 
TOLL-FREE: 1-888-66-LINUX 

MAIL: PO Box 16476, North Hollywood, CA 91615-9911 USA 
Please allow 4-6 weeks for processing address changes and orders 
PRINTED IN USA 


LINUX is a registered trademark of Linus Torvalds. 



PRINTED WITH 

SOY INK 


9ii 















EtherDrive* 

The AFFORDABLE Network Storage 




Fibre Channel speeds of Ethernet prices! 


Is your budget shrinking while your network storage 
needs are growing? Are you suffering from “sticker 
shock” induced by expensive Fibre Channel and iSCSI 
storage area network solutions? EtherDrive® SAN 
solutions offer Fibre Channel speeds at Ethernet prices! 
Starting at just $1,995 for a 4TB system, EtherDrive® 
is the affordable storage area network solution. With 
sustained access speeds from 200MBytes/sec to over 
600MBytes/sec, EtherDrive® SAN solutions are fast. 
From a 4TB single storage appliance to multi-PetaByte 
system by simply adding more storage appliances, 
EtherDrive® SAN solutions are scalable. From a 
single storage appliance to a network of sophisticated 
virtualized storage LUNs, EtherDrive® SAN solutions 
embrace virtualization. 

Coupling Ethernet technology with SATA hard disk drives, 
EtherDrive® SAN solutions exploit commodity 
components to deliver affordable, fast storage area 
network solutions that keep more green in your wallet! 
Whether you use your own SATA compliant disk drives 
or our certified enterprise class disk drives, you are in 
control! EtherDrive® SAN solutions accept standard SATA 
hard disk drives. Ethernet and SATA disk drives - two proven 
technologies in one affordable, fast storage area network 
solution - EtherDrive®. 


EtherDrive® SAN solutions use the open ATA-over-Ethemet 
(AoE) lightweight network storage protocol. Simple. 
Easy to understand. Easy to use. AoE uses Ethernet 
to transport ATA disk commands without the burden of 
TCP/IP overhead, thereby enabling disk drives to become 
AoE devices connected directly to an Ethernet network. 
An AoE device can be a single physical disk or a logical 
device made up of multiple disks. An EtherDrive® SAN 
appliance is an AoE target device. 

Finally, an affordable, fast storage area network solution 
for your VMware® ESX 3.5 installation. The EtherDrive® 
VMware ESX Host Bus Adapter empowers ESX with 
AoE technology to deliver EtherDrive® SAN solutions for 
your VMware ESX 3.5 installation. 

Shipping EtherDrive® RAID solutions since 2004, Coraid 
boasts thousands of satisfied customers spanning a broad 
spectrum of the market including enterprise, government, 
educational institutions, and hosting service providers. 
Call today to order your EtherDrive® solution, and join 
the ranks of our thousands of satisfied customers! 


Call 1.877.548.7200 
or visit our website at 
www.coraid.com 
International: +1.706.548.7200 



CORAID 



=h ^ I technology alliance 

II vmware | partner 

ESX 3.5 compatible EtherDrive® HBA 


2009 Coraid Inc. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdietions. 
All other marks and names mentioned herein may be trademarks of their respective eompanies. 














Current_lssue.tar.gz 

A 



SHAWN POWERS 


Pocket-Sized Penguins 


hen my kids were young, it was diffi¬ 
cult for me to convince them that 
penguins were birds. Frankly, they 
don't look much like birds. They don't exactly sit 
on bird feeders. Heck, they don't even fly. When 
they are waddling around in the snow, penguins 
look gangly and awkward. It's not until you 
see them in the water that their beauty and ele¬ 
gance really shines. Although I'm not suggesting 
Linux is awkward, there are some environments 
in which it really shines. Mobile devices are 
one of them. 

This month, we're covering the whole gamut 
of mobile Linux. Alexander Sirotkin shows us 
how to bend Google Android to our will with 
the Java API. Marcel Gagne shows us a bit about 
syncing data from our non-Linux BlackBerry 
handsets with our Linux desktops. Most smart¬ 
phones lack native Linux software, but thankfully, 
Funambol fills that gap nicely and supports many 
different mobile devices. If you have a smartphone, 
you'll want to check it out. 

One of the frustrations of using mobile Linux 
devices is that the screens (if they have one) are 
really small. David Harding shows us the nuances 
of the Conkeror Web browser on small screens. 
Thankfully, more and more Web sites are being 
designed for the mobile-sized browser, but 
a flexible browser still is a great asset on tiny 
screens. Heck, with Linux, mobile computing 
doesn't even need screens. Federico Lucifredi 
shows us how to hack the Western Digital 
MyBook 11. With a little bit of work, you'll be 
able to take your own Linux server with you 
wherever you go. Throw a couple in your 
backpack, and you could be a mobile cloud! 

I was sure that for the mobile issue, Kyle 
Rankin would tell us about the time he did 
system administration on his server farm from a 
beach somewhere in Mexico with nothing more 
than an SSH prompt on his BlackBerry. I may 
have been wrong with my guess, but Kyle doesn't 
disappoint this month. He deals with the 
horrible mistake many of us have made: typing 


a command remotely into the wrong server. As 
someone who accidentally has typed his password 
in an instant message window to someone by 
mistake, I'd advise reading his column. Twice. 

Daniel Bartholomew is back this month to 
show us Kindle 2. The differences between that 
and the new Kindle DX are fairly easy to see 
(basically, it's huge). But, there are some signifi¬ 
cant differences between the original Kindle and 
the new regular-sized model too. Daniel com¬ 
pares the two and explains the pros, cons and 
general interesting things Amazon is offering in 
its Linux-based devices. If music or audio is more 
interesting than reading to you, Dan Sawyer 
tells us all about Indamixx, a recording studio 
you can take with you on the go. There may 
be some inappropriate places to set up your 
mobile studio, but with Indamixx, the problem 
won't be portability. 

Fear not; this month we still have our regular 
lineup of columns to scratch that geeky itch. 
Dave Taylor demonstrates using getopt in shell 
scripts to parse the start flags. Reuven M. Lerner 
shows us how to check our Ruby code with 
metric_fu, and Mick Bauer continues his series 
on building a secure Squid proxy. This issue 
focuses on mobile Linux, but as with every other 
month, we aim to please everyone. 

I suppose Linux Journal itself is a good example 
of mobility. Feel free to take this issue with you 
wherever you go. If you subscribe to the digital 
edition, you might be reading this on a laptop 
right now. My only suggestion would be that 
regardless of which format you are reading, try 
not to get carried away. Penguins might be able 
to "fly" underwater, but unless you have a 
Linux-powered submarine, Linux Journal is best 
enjoyed on dry ground. ■ 


Shawn Powers is the Associate Editor for Linux Journal. He’s also the 
Gadget Guy for LinuxJournal.com, and he has an interesting collection of 
vintage Garfield coffee mugs. Don’t let his silly hairdo fool you, he’s a pretty 
ordinary guy and can be reached via e-mail at shawn@linuxjournal.com. 
Or, swing by the #linuxjournal IRC channel on Freenode.net. 



8 I july 2009 www.linuxjournal.com 







GO STRAIGHT TO THE SOURCE! 


MORE PRODUCTS, BEHER SERVICE, GUARANTEED. 


1.877,727.7887 


ServersDirect.com 



YOUR HIGH PERFORMANCE COMPUTING HAS ARRIVED. 

The ServersDirect® Systems with the Intel® Xeon® Processor helps you simplity computing operations, accelerate pertormance and 
accomplish more in less time 


$899 


ENTRY LEVEL INTELLIGENT SERVER 

SDR-S1341-T00 is among our most cost-effective 1U Xeon 
Servers, and it is ideal for large high-performance computing 
deployments 




STARTING 

AT 


APPLICATION SERVER 

Refresh your servers with new SDR-S1337-T02 powered by 
Intel® Xeon® processor 5500 series, based on intelligent 
performance, automated energy efficiency and flexible 
virtualization. 




SDR-S1343-T04 

$1,099 


1U INTEL® XEON® PROCESSORS 5500 SERIES 
SERVER W/ 4X 3.5" HOT-SWAP SATA DRIVE BAYS 



SDR-S2311-T08 

™™A? $1,159 


2U INTEL® XEON® PROCESSORS 5500 SERIES 
SERVER W/ 8X 3.5" HOT-SWAP SAS/SATA BAYS 



SDP-IP308-T10 

$1,599 

PEDESTAL INTEL® XEON® 
PROCESSORS 5500 SERIES 
SERVER W/ 10X HOT-SWAP 
(OPT.) SATA BAYS 


• Supermicro 1U Rackmount Server with 560W Power Supply 

• Supermicro Server Board w/Intel® 5520 Chipset 

• Support up to Dual Intel® 5500 series Xeon® 
Quad/Dual-Core, with QPI up to 6.4 GT/s 

• Support up to 96GB DDRS 1333/1066/ 800MHz ECC 
Reg.DIMM 

• 4x 3.5" Hot-swap SATA Drive Bays 

• Intel® 82576 Dual-Port Gigabit Ethernet Controller 



4U INTEL® XEON® PROCESSORS 5500 SERIES 
SERVER W/ 24X 3.5" HOT-SWAP SAS/SATA BAYS 


• Supermicro 2U Rackmount Server with 560W Power Supply 

• Supermicro Server Board w/Intel® 5500 Chipset 

• Support up to Dual Intel® 5500 series Xeon® 
Quad/Dual-Core, with QPI up to 6.4 GT/s 

• Support up to 24GB DDRS 1333/ 1066/ 800MHz ECC 
Reg.DIMM 

• 8x 3.5" Hot-swap SATA Drive Bays 

• Dual Intel® 82574L Gigabit Ethernet Controller 



SDR-S3305-T16 

$1,979 


3U INTEL® XEON® PROCESSORS 5500 SERIES 
SERVER W/ 16X 3.5" HOT-SWAP SAS/SATA BAYS 


• Supermicro 4U Rackmount 900W (1 -Hi) Red. Power Supply 

• Supermicro Server Board w/ Dual Intel® 5520 Chipsets 

• Support up to Dual Intel® 5500 series Xeon® Quad/Dual- 
Core, with QPI up to 6.4 GT/s 

• Support up to 144GB DDRS 1333/ 1066/800MHz ECC 
Reg. DIMM 

• 24x 3.5" Hot-swap SATA Drive Bay 

• Intel® 82576 Dual-port Gigabit Ethernet Controller 


• 3U Rackmount Server with 1 -hi 900W Red. Power Supply 

• Supermicro Server Board w/ Dual Intel® 5520 Chipsets 

• Support up to Dual Intel® 5500 series Xeon® Quad/Dual- 
Core, with QPI up to 6.4 GT/s 

• Support up to 96GB DDRS 1333/ 1066/800MHz ECC 
Reg.DIMM 

• 16x Hot-swap SAS/SATA Drive Bays 

• Intel® Dual 82576 Dual-Port Gigabit Ethernet (4 ports) 


• Intel Pedestal Chassis w/ 750W (1 -hi) Power Supply 

• Supermicro Server Board w/Intel® 5520 Chipsets 

• Support up to Dual Intel® 5500 series Xeon® 
Quad/Dual-Core, with QPI up to 6.4 GT/s 

• Support up to 96GB DDRS 1333/1066/ 800MHz ECC 
Reg ./unbuffered DIMM 

• Qption lOx 3.5" Hot-swap SATA Bays 

• Intel® 8257EB Dual-port Gigabit Ethernet Controller 


SDR-C9303-T50 

$4,339 

9U INTEL® XEON® PROCESSORS 5500 NEHALEM 
SERIES SERVER W/ 50X HOT-SWAP SATA II / SAS 
BAYS 

• 9U Chassis with 1620W Redundant Power Supply 

• Supermicro Server Board w/ Dual Intel® 5520 Chipsets 

• Support up to Dual Intel® 5500 series Xeon® 
Quad/Dual-Core, with QPI up to 6.4 GT/s 

• Support up to 144GB DDRS 1333/ 1066/ 800MHz 
ECC Reg. DIMM 

• 50 X 3.5"lnternal SATA Drives Trays 

• Intel® 82576 Dual-port Gigabit Ethernet Controller 




SERVERS DIRECT CAN HELP YOU CONFIGURE YOUR NEXT HIGH PERFORMANCE SERVER SYSTEM - CALL US TODAY! 

Our flexible on-line products configurator allows you to source a custom solution, or call and our product 
experts are standing by to help you to assemble systems that require a little extra. Servers Direct - your direct 
source for scalable, cost effective solutions. 


1.877.727.7886 


/ www.ServersDirect.com 



Intel, Intel logo, Intel Inside, Intel Inisde logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, Pentium, 
and Pentium III Xeon are trademarks of Intel Corporation or it’s subsidiaries in the United States and other countries. 



















letters 


A 


Phusion Passenger I iRobot Create I OpenPiier I AJAX I Squid 


LINUX 

JOURNAL 

S«c» im TIm OrtfMMi «( Om Unia CenwiMinMy 

COOL PROJECTS 


Turn an Old 
Computer into a 
Networit Appliance 
with OpmFiler 

Interview with 
Neuroe Technology^ 
Joe Bom 


Interact with the 
iRobot Create 

Convert 
8mm Rim 
to DVD 



Build a Linux- 
Powered Rocket 


REVIEWED: 


Home Automation with 
Vera from Mi Casa Verde 


Eliminate Blank Lines 

Regarding Dave Taylor's Work the 
Shell column in the March 2009 issue 
of LJ\ as you have been using UNIX 
nearly as long as I have, you probably 
already know this. The early UNIX 
spell program used a pipeline very 
similar to the one you develop in your 
column. Its purpose was to get a list 
of unique words from the document, 
sorted and single case. The rest of it 
used comm(1) to compare the document 
word list to a small system dictionary, 
/usr/lib/dict/words. I say small, as it 
had only about 25,000 entries. 


I notice from your uniq -c output 
that blank lines are the second-most 
frequent "word". 

jl 

Dave Taylor replies: Thanks for your 
note, Jon. You're right, using a bit more 
advanced call to tr would eliminate the 
blank lines, punctuation and so on. 
Thanks for the tip! 

Beware On-the-Fly Certs 

Regarding Mick Bauer's "Secure Squid 
Proxy, Part I" in the April 2009 issue: great 
article, Mick! However, I just wanted to 
draw some attention to the information in 
the "Just How Intelligent Is a Web Proxy" 
sidebar. It isn't necessarily true that 
"contents of HTTPS sessions are, in practi¬ 
cal terms, completely opaque to the Web 
proxy". Some proxy software now has 
the ability to initiate a man-in-the-middle 
attack, issuing fake SSL certificates on the 
fly to enable the proxy to impersonate the 
remote server. This enables the proxy to 
inspect the traffic going between the client 
and server. Most browsers will detect this 
on-the-fly cert (generating a warning to 
the user), as it usually doesn't come from 
a valid Certificate Authority, but some 
companies are using tools, such as Group 
Policy, to push down custom CA settings 
within their organizations to configure the 
browsers to accept the on-the-fly certs as 
genuine (without throwing a warning). 


One significant difference between the 
spell pipeline and yours was the handling 
of the tr(1) commands. Like your pipe, 
one tr did upper ^ lower translation. 

But, the second tr used options you did 
not mention in the article: -c and -s 
(complement and squeeze). Using today's 
syntax, that it would look like this: 

tr -cs [ilower:] '\n' 

By complementing the lowercase class, 
this style ensures that no punctuation, 
white space, digits, control chars and 
so on are missed. All are translated into 
newlines, and where multiple sequential 
newlines result (that is, blank lines), they 
are squeezed out by the -s option. 


Ray 

Mick Bauer replies: Sure enough, you 
caught me oversimplifying. Thanks for 
the clarification, Ray! 

Linux on the Desktop? 

As I continue to search the forums for the 
issues I am having with a Linux desktop 
install, it seems that the Linux desktop (for 
me) still ranks as a hobby; Linux lacks a 
desktop that I can use in business. Linux 
has the applications—^that's not the issue, 
desktop stability is. I think Linux on the 
desktop is up and coming, but there are 
still unresolved issues—look at the forums 
and the number of issues that go unre¬ 
solved. I am not a Windows zealot by any 


means and run a lot of Linux in the server 
environment (where it rocks!), but I have 
yet to have a Linux desktop install that just 
works out of the box. When you install 
Windows, you know what you're getting, 
warts and all, but it does work. It seems 
Linux lacks a level of stability and requires 
a level of experience that I don't have time 
for. Windows does not seem to have these 
issues and is why I continue to say that 
Windows wins the desktop war. Some will 
ask "what distro are you running, or what 
hardware platform are you installing on?" 
Or, they will say there is something I am 
doing wrong, and there probably is, but all 
I am looking for is usability so I can make a 
living. I will continue to search the forums 
and continue hoping that a stable Linux 
desktop OS emerges. 

Kulmacet 

/ sound like a broken record when I keep 
saying this, but again, one of the weak¬ 
nesses Linux has as a desktop operating 
system is the diversity we have. Linux can 
(and does) mean so many different things. 
Are you using a popular desktop distribu¬ 
tion? By that, I mean one tailored for 
desktop use as opposed to server and/or 
corporate use? Distributions like Ubuntu, 
Linux Mint, OpenSUSE and a few others 
have a better track record for desktop 
stability and usefulness. Since you men¬ 
tion that applications aren't the problem, 
it makes me scratch my head, because 
stability is usually where Linux ROCKS. 

Feel free to drop me an e-mail with more 
specifics, and I'll see what I can do to help 
(shawn@linuxjournal. com). — Ed. 

Geek-Speak? 

Regarding James Gray's response to Jim 
Leuba in the April 2009 Letters: you 
may want to omit the political "Climate 
Change" nonsense. While I'm sure you 
eat it up with the spoon Al Gore sold 
you in exchange for carbon credits, the 
rest of us out here in the ether don't 
want to hear it. Stick to geek-speak and 
keep your audience. 

Seth Miller 

James Gray replies: While the decisions 


1 0 I july 2009 www.linuxjournal.com 







[LETTERS] 


regarding how to respond to climate 
change—or not to respond to it—are 
political, the fact that climate change is 
occurring is not. The Theory of Global 
Climate Change is one supported by huge 
amounts of empirical data and enjoys near 
unanimous consensus among climatolo¬ 
gists. You can read more about it in docu¬ 
ments published by the Intergovernmental 
Panel on Climate Change (IPCC), which 
summarizes the findings of climatologists 
around the world (www.ipcc.chj. 

Your reference to Al Gore suggests that 
I am a person who does not analyze 
evidence before making a decision. This 
I do not appreciate. Because you don't 
know me, you have no idea how I make 
my decisions. However, the scientific 
literature I have read on climate change, 
and not bombastic rhetoric from blowhard 
opinionators, is the basis for my writings 
on the topic. 

Regarding your advice to "stick to the 
geek-speak", I would argue that I am 
doing so. In most of the "green" pieces I 
write, I discuss solutions to the challenge 
of reducing energy consumption in 
the data center. Discussions of climate 
change is simply part of the rationale 
that I offer for taking on such challenges. 

Recycling 

I usually enjoy Shawn Powers' articles, but 
I feel that his editorial was a bit misleading 
["Free to a Good Home: Junk", in the 
UpFront section of the May 2009 issue]. 
The idea of recycling old computers into 
the hands of those who need them is 
great: "Don't worry about running out of 
hardware, the local school district likely has 
parts piled in closets in would love for you 
to 'recycle'." I work for my local school 
district and had the same thought. 

I quickly received a lot of flack from the 
people at the top and discovered it is 
easier for them to trash computers than 
to give them away. As a result, I started a 
501(c)(3) at reglue.org (Recycled Electronics 
and Gnu/Linux Used for Education). A lot 
of things did and didn't happen. I quickly 
had a lot of CRTs; I didn't have nearly as 
many working mainboards with RAM to 
couple them with. I also quickly discovered 
that sometimes it's hard to give stuff away. 

On a lighter note, I know someone who 
has been a lot more successful with 
refurbishing and giving away computers 


than I—Helios from the Helios Project 

(www.heliosinitiative.org/news.php). 

He's also the author of the blog about 
the teacher and the Knoppix CD. 

He and others are working to create a 
nation-wide (originally, just in Austin) Linux 
Against Poverty drive and installfest on 
August 1, 2009 (geekaustin.org/2009/ 
02/01/linux-against-poverty). Maybe 
you'll consider coordinating your own 
Linux Against Poverty installfest. 

As a side note: no one is really interested 
in having a computer without Internet 
access. Community-based mesh net¬ 
works are a great idea. I think those 
distributing computers might want to 
help others access the Internet—the 
greatest cleft in the Digital Divide 
(wiki.freifunk.net/Kategorie:English 
and freifunk-texas.net). 

D Davis 

Unfortunately, it is easier to throw stuff 
away. That doesn't mean the school 
wouldn't love to give stuff away, just 
that it's difficult. Unless we break some 
ground and push for some new policies, 
those computers will continue to be 
thrown away instead of put to better 
use. If I misled you into thinking it would 
be easy, I do apologize. Also, as a big 
coincidence, Tm actually writing this 
response on Earth Day. It seems all the 
more important that we do make the 
effort, however difficult, to get the piles 
of usable computers into the hands of 
those who can use them. Tm speaking 
to myself as much as anyone, because 
in my school district, it's much easier 
to dispose of hardware than to give it 
away. That just has to change. Thanks 
for your comments. Hopefully, with peo¬ 
ple like us willing to do the grunt work, 
some real change can take place. — Ed. 

Cool Projects Issue 

I just wanted to send a quick note of 
thanks for the May 2009 issue. The 
hardware articles were thoroughly 
enjoyable and just the right technical 
level. I enjoyed the articles on the ama¬ 
teur rocket and underwater vehicle in 
particular, and am eagerly awaiting the 
land-based RC Linux mobile to complete 
the Earth/Air/Sea trilogy. 

Kwan Lowe 


Me too! I'd go one further and antici¬ 
pate the interstellar Linux probe, but 
that might be a while yet. Thanks for 
the kind comments. It's nice to hear 
we're bringing you material that is 
enjoyable and useful. — Ed. 

When Disaster Strikes, Don't 
Forget the Freezer! 

Kyle Rankin had a great article in the 
March 2009 issue: "When Disaster 
Strikes: Hard Drive Crashes". Good stuff 
there, and "Linux Hacks" has saved my 
backside more than once. 

It has been my observation that most of 
my drive failures, particularly in laptops, 
involve heat. By cooling the drive, it is 
sometimes possible to pull an image— 
often an error-free image—before the 
unit fails entirely. If a drive won't run long 
enough to pull an image, sometimes it is 
possible to extract important files quickly. 

I wrap them in anti-stat plastic and 
freeze them for a couple hours. Once 
out of the freezer, I leave them wrapped 
to avoid condensation, sandwich with 
gel-pacs, connect directly to a host 
machine, or via USB to SATA/PATA 
adapter, and pull an image as quickly as 
possible. Rinse and repeat as necessary. 
I'm about 70% with this technique. 

Your mileage may vary. Great article 
and great magazine. Keep it up. 

Bill 

Kyle Rankin replies: Ah, the famous 
freezer trick!! admit! have used that 
one myself a few times, although I've 
always wondered how much of it was 
science and how much was voodoo. 
Either way, when one's data is at stake, 

I think most people are willing to try 
anything that works (just look out for 
condensation on the drives if you live in 
a humid environment). 

Bad Guys 

Whoever wrote the May 2009 "They 
Said It" column in UpFront saw fit to 
include quotes by Marx and Lenin. Why 
go half-baked? Allow me to submit a 
few more choice quotes for the next 
issue, in chronological order: 

"Western intellectuals that profess 
admiration for Communism are 
suspect....They are objective traitors to 


www.linuxjournal.com ju ly 2009 I 1 1 


[LETTERS] 


their class and to their interests, and 
must be treated as such....After their 
final victory in Western Europe and 
America, revolutionary forces will elim¬ 
inate all bourgeois traitors."—Lenin 

"Death solves all problems—no man, 
no problem."—Joseph Stalin 

"The only good bourgeois is a dead 
bourgeois."—Pol Pot 

I could go on, but I think you are 
starting to see my point. 

Marx and Lenin are responsible for 
some of the most horrible dictator¬ 
ships in history. And those are the 
people you chose to quote. Kudos. 
What elegance, what taste! Truly, you 
outdid yourself. 

I am extremely disappointed in you 
and your journal. I have been reading 
LJ since 2000, and in all these 
years, this is the first time you 
display such an utter contempt for 
decency and history. 

I expect you to apologize in the next 
issue, and I'd very much like not be 
subjected to repeat offenses. 

Francis Kohl 


Mitch Frazier repiies: Francis, I'm 
responsible for those quotes. Sorry 
to have offended you, but I have 
to disagree with your apparent 
arguments that a bad guy can 
never have said anything useful 
and that all bad guys should just 
be erased from history 

Video Request 

I was watching the video on 
LinuxJournal.com about the various 
programs for screencasting, but 
I didn't see a reference to Wink. 

It is fairly decent. 

I also was wondering if you could do 
a video tutorial on how to get the 
sound from both the microphone and 
Rhythmbox to be recorded with some 
of the other screencast programs? I 
enjoy your mag; keep it up. 

Josh McClanahan 

Ha! I thought Wink was Windows 
only Either it added Linux support 
since I last looked at it, or (more 
likely) I just never realized it. Thanks 
for the tip! As far as diverting 
audio, I can look into the process, 
but I generally use an external 
hardware mixer, so I'd be guessing 
and poking too. — Ed. 


UNUX 

JOURNAL 


Ri Your ServicG 


MAGAZINE 

PRINT SUBSCRIPTIONS: Renewing your 
subscription, changing your address, paying your 
invoice, viewing your account details or other 
subscription inquiries can instantly be done on-line, 
www.linuxjoumal.com/subs. Alternatively, 
within the U.S. and Canada, you may call 
us toll-free 1-888-66-LINUX (54689), or 
internationally -1-1-818-487-2089. E-mail us at 
subs@linuxjournal.com or reach us via postal mail, 
Linux Journal, PO Box 16476, North Hollywood, CA 
91615-9911 USA. Please remember to include your 
complete name and address when contacting us. 

DIGITAL SUBSCRIPTIONS: Digital subscriptions 
of Linux Journal are now available and delivered as 
PDFs anywhere in the world for one low cost. 
Visit www.linuxjoumal.com/digital for more 
information or use the contact information above 
for any digital magazine customer service inquiries. 

LETTERS TO THE EDITOR: We welcome 
your letters and encourage you to submit 
them at www.linuxjoumal.com/contact or 

mail them to Linux Journal, PO Box 980985, 
Houston, TX 77098 USA. Letters may be edited 
for space and clarity. 

WRITING FOR US: We always are looking 
for contributed articles, tutorials and real- 
world stories for the magazine. An author's 
guide, a list of topics and due dates can be 
found on-line, www.linuxjoumal.com/author. 

ADVERTISING: Linux Journal is a great 
resource for readers and advertisers alike. 
Request a media kit, view our current 
editorial calendar and advertising due 
dates, or learn more about other advertising 
and marketing opportunities by visiting us 
on-line, www.linuxjoumal.com/advertising. 
Contact us directly for further information, 
ads@linuxjournal.com or -i-l 713-344-1956 ext. 2. 


ON-LINE 

WEB SITE: Read exclusive on-line-only content on 
Linux Journal's Web site, www.linuxjournal.com. 
Also, select articles from the print magazine 
are available on-line. Magazine subscribers, 
digital or print, receive full access to issue 
archives; please contact Customer Service for 
further information, subs@linuxjournal.com. 

FREE e-NEWSLETTERS: Each week, Linux 
Journal editors will tell you what's hot in the world 
of Linux. Receive late-breaking news, technical tips 
and tricks, and links to in-depth stories featured 

on www.linuxjournal.com. Subscribe for free 
today, www.linuxjournal.com/enewsletters. 


r 


PHOTO OF THE MONTH 


Have a photo you'd like to share with LJ readers? Send your submission to 
publisher@linuxjournal.com. If we run yours in the magazine, we'll send you a free T-shirt. 



Peter Wilson reading up on open-source code. Submitted by Tiffany Wilson. 


1 2 I july 2009 www.linuxjournal.com 








Welcome 

Access to High Speed Internet BienVCniclO 

Acccso a IntcMct de Alta Vc 


L 


□ 


[Attf »il0.wg 


AZA EL BOSOUE 


ELECON INFORMATION TECHNOLCDGY LTD 


< ^ <SP©T 



BOINCO 

WIRBLESS 


2? 


Spots 


Midceast 

Internet Solutions 


' U-. 


cX) 

Welcome to the Hotel 

HotSpot service 

HOTipr 

oeromE 

To use this service you must ask 
reception for user name and password. 

© 


Uttcl 

Username: 

KoovennScu 

Password 

\Jlky 



Welcom 

Baltimore/Washin 


Existing Users 

BOINGO MEMBER LOGIN 


ROAMING ACCOUNT LOGIN 
My wireless provider Is: 


ACCESSPASS CODE 
Enter AccessPass code 


submit 


This hotspot is a courtesy service to midcoast.com customer*- 
Pl«ase login with your midcoast.com «mail address to use the ho 


HOI ^055iP 


beat the Drum! 


«mail addrass 
password 


■m»s and other Ute hotspots are for customers of Midcoast internet 
solutions. If you kve or work in Midcoast Mane, we'd love to have you 
as a customer, you can learn more about our comprehensive kne of 
internet servKes at 


If you are a traveler, visitor, non-MIS customer, or have other short 
term Internet needs, we encourage you to meke use of the Abacus 
hotspot. 


I VALLE NEVAD Q 

k sii artnai rHiif 


Wireless Intenet Provider 


iHeasc Uf m to «ae Ike lemNct hetspet scrvKC 



Optii 



Mon Gep 29 1 2:54:10 2000 - Location: Marinanet - IP:203l 

Service Information : Local Information : Free Sites : LCr eate Hew A j 


Enjoy 

airport 

Bamej 


Biiy Online Tickets Or Buy 


Fnrgnltftn ynir Passwnrrf? Clink Hern 


. Login J 


Please Create New Account if you are a new user 
For support can AccessHlus on ISOt l'S9 vu from sam-spn 


View Pricing Plans 

Welcome to the new HotSpot login. 


Username/KuUama 
Password/5 


n , ,1 




7« ' 


MikroTik powered Hotspots around the world 

MikroTik RouterOS powered hotspots are everywhere. From Internet cafes in desert towns of Africa, 
to futuristic airport lounges in the US and five star hotels in the Mediterranean. Mikrotik can power 
your systems too. Free evaluation installations are available in our download section. 


www.mikrotik.com 


























































'FRONT 

NEWS + FUN 


diff -u 

WHAT’S NEW IN KERNEL DEVELOPMENT 


Geert Uytterhoeven has replaced the old, 
dead CVS repository for the m68k Linux 
port with a shiny new git repository, and 
added a make install build target, as 
well as various other code fixes. 

Steven Rostedt has updated ftrace 
to let users turn kernel tracepoints on 
and off simply by setting values in files 
in the /debug directory. 

Jaswinder Singh Rajput has added 
some performance-counting features to 
AMD K7 and later processors. A range of 
data can be tracked, including processor 
cycles, number of executed instructions, 
page faults and context switches. The 
patches seem likely to go into the kernel 
soon. Ingo Molnar has given his endorse¬ 
ment and offered some bug reports to 
which Jaswinder responded quickly. 

Matthew Wilcox has done a major 
rewrite of the MSI HOWTO. The Message 
Signaled Interrupts (MSI) HOWTO had not 
been updated significantly since 2004. It 
provides a mechanism for triggering inter¬ 
rupts on PCI devices, entirely in software. 
Previously, PCI devices needed to have a 
physical pin corresponding to the desired 
interrupt. MSI is much more flexible, and 
proper documentation will be quite useful. 
Grant Gundler and Michael Ellerman 
offered their own technical feedback to the 
HOWTO, and Randy Dunlap and Sitsofe 
Wheeler helped polish up the language. 

Cheng Renquan has enhanced the 
KBuild system, so that when viewing 
help for any given compilation option, the 
currently selected build choice is visible at 


the same time. He also made various less 
user-visible changes, and Randy Dunlap 
has signed off. 

Alex Chiang has submitted a bunch 
of PCI patches, including code to create 
/sys/bus/pci/rescan, a user-controlled file that 
can force a rescan of all PCI buses on the 
system. He added several other files to the 
/sys/ directory to give greater and greater 
PCI control to the user. 

It's nice to remove features that no one 
uses. For one thing, it can simplify kernel 
code greatly. H. Peter Anvin wanted to 
remove the zimage build target recently 
and asked if anyone was still using it. As it 
turns out. Woody Suwalkski noted that 
ARM still used zimage. H. Peter probably 
will remove it from the x86 tree and leave 
ARM alone. 

Bartlomiej Zolnierkiewicz has 

expunged the IDE floppy and tape 
drivers from the kernel and the 
MAINTAINERS file and listed them in the 
CREDITS file instead. He thanked Gadi 
Oxman and Paul Bristow for all the work 
they did in the early days on those drivers. 

Michael Kerrisk has removed his name 
as the official maintainer of the kernel 
man pages. The Linux Foundation fund¬ 
ing has run out, and a supplemental round 
of Google funding also has run out, so 
now he'll have to focus on other things. He 
still plans to support the project as best he 
can, but he cautions that the man pages 
likely will be orphaned soon, if no further 
funding or willing maintainer steps forward. 

— ZACK BROWN 



rr%iKr«t#kv uy iiiiaa rro^vr 




WORM. WHAT 
15 THIS OKJ 
M/ 66ReeKJ? 


IT IS KNJOWKJ AS 
“UBUWTCI" YOUR 
I^HOROCISWeSS/ 


OH...YOU HOW J 

6ARLI6R WINDOWS ^ 
weRe cooeMAMeD?^ 
LIKe -LONJ6HORM" AMO 
“6HI6AOO"? -UBUMTU" 
IS FOR WIMOOW5 7. J 


WHAT?/ WHSRe 
gw IS M/ VISTA?/^ 
Jll OMiy VISTA IS 
IK APPROVeO FOI 


OH...WeLL, THIS'I 
“(iBciMTU" seeMS 
veR/KNce... ^ 


They Said It 


Don’t you wish there was a knob on 
the TV to turn up the intelligence? 
There’s one marked “Brightness”, but 
it doesn’t work. 

—Gallagher 

Nobody in the game of football 
should be called a genius. A genius 
is somebody like Norman Einstein. 

—Joe Theismann 

Downgrade rights are hugely impor¬ 
tant for Windows 7.Will Microsoft 
offer downgrades [from Windows 7] 
to XP? They’ve not answered that 
question yet. But it’s really important. 
—Michael Silver, Garter analyst 

One day soon the Gillette company 
will announce the development of a 
razor that, thanks to a computer 
microchip, can actually travel ahead in 
time and shave beard hairs that don’t 
even exist yet. 

—Dave Barry 

Once a new technology rolls over 
you, if you’re not part of the steam¬ 
roller, you’re part of the road. 

—Stewart Brand 

The Internet today is an open platform 
where the demand for Web sites and 
services dictates success.You’ve got bar¬ 
riers to entry that are low and equal for 
all comers. And it’s because the Internet 
is a neutral platform that I can put on 
this podcast and transmit it over the 
Internet without having to go through 
some corporate media middleman. I can 
say what I want without censorship. I 
don’t have to pay a special charge. But 
the big telephone and cable companies 
want to change the Internet as we know 
it.They say they want to create high¬ 
speed lanes on the Internet and strike 
exclusive contractual arrangements 
with Internet content-providers for 
access to those high-speed lanes.Those 
of us who can’t pony up the cash for 
these high-speed connections will be 
relegated to the slow lanes....We can’t 
have a situation in which the corporate 
duopoly dictates the future of the 
Internet and that’s why I’m supporting 
what is called Net Neutrality. 

—President Barack Obama 


14 I july 2009 www. I i n uxj o u r n a I. co m 













[UPFRONT] 


LJ Index 
July 2009 


1. Percent of US homes that don't have Internet 
access: 29 

2. Percent of US homes that think the Internet is 
useless: 12.7 

3. Highest average number of spams per user in a 
single day in 2008 (April 23) at Google: 194 

4. Approximate number of spams per second that 
can be attributed to the McColo ISP (recently shut 
down): 33 

5. Approximate number of spammers responsible 
for 80°/ of Internet spam: 200 

6. Rank of US in list of “10 Worst Spam Origin 
Countries”: 1 

7. Rank of China in list of “10 Worst Spam Origin 
Countries”: 2 

8. Rank of Russian Federation in list of ”10 Worst 
Spam Origin Countries”: 3 

9. Rank of United Kingdom in list of “10 Worst Spam 
Origin Countries”: 4 

10. Rank of South Korea in list of “10 Worst Spam 
Origin Countries”: 5 

11. Approximate cost per megabyte of RAM in 1957: 

$411,041,792 

12. Approximate cost per megabyte of RAM in 2008: 

$0,021 

13. Billions of dollars of legal music downloads in 
2008: 3.7 

14. Percent increase in legal music downloads from 
2007 to 2008: 25 

15. Downloaded music sales as a percent of total 
music sales: 20 

16. Percent of total music downloads that were not 
“legal”: 95 

17. Average “step-on-it” factor used during software 
estimation phase: 2.5 

18. Average number of weeks left to complete a 
software project: 2 

19. US National Debt as of 04/05/09,1:29:32pm CDT: 

$11,135,460,534,223.90 

20. Change in the debt since last month's column: 

$185,190,792,300 

Sources: 12: Park Associates 1 3: Google Message 
Security Data Centers I k Spamcorp 1 5-10: Spamhaus 
11,12: www.jcmit.com/memoryprice.htm 
13-16: IFPI 1 17,18: Common knowledge 
19: www.brillig.com/debt_clockl20: Math 


NON-LINUX FOSS 


IronPython is an implementa¬ 
tion of Python that runs on the 
.NET framework as well as on 
Mono. The current version of 
IronPython is compatible with 
Python 2.5, and an alpha 
release of a Python 2.6-com¬ 
patible version also is available. 
IronPython is written entirely in 
C#, and the current version is 
built on top of the Dynamic 
Language Runtime (DLR). 

IronPython features an 
interactive console that does 
full dynamic compilation of Python code to .NET. It provides full access to 
all .NET libraries while maintaining compatibility with the Python language. 

There also is a Visual Studio plugin called IronPython Studio that supports 
the creation of Python-based GUI applications. In addition to IronPython, there 
are "Iron" versions of Ruby and Scheme (LISP). If you like Python but crave 
static typing, check out BOO for .NET/Mono. 

IronPython is licensed under the terms of the "Microsoft Public License", 
which was approved by the Open Source Initiative (OSI) in October 2007. The 
license allows redistribution of compiled code for either commercial or noncom¬ 
mercial use (similar to a BSD license). For this reason, although it is recognized 
as a "free" software license by the Free Software Foundation, it is considered 
incompatible with the GPL. And, if getting too close to Microsoft makes you 
nervous, be aware that the IronPython Project is hosted on a Microsoft-controlled 
site: codeplex.com.— MITCH frazier 



IronF^thon Studio (from ironpythonstudio.codeplex.com) 


Netbooks— ^Dying or Evolving? 

I'm just as guilty as everyone else that jumped on the Netbook bandwagon when 
it started with the 7" Eee PC. After a few weeks, the limitations of such tiny 
notebooks become fairly clear. The Netbook market has evolved to the point that 
it's almost laughable. What are the latest features of that market? Bigger screens! 
Ten- to twelve-inch screens are becoming the new rage in the "Netbook" world. 

Urn, we had 12" screens before. We called them notebooks. I'm not sure if 
the Netbook fascination is wearing off or if low-power laptops are just going to 
become the norm. Because "low power" is becoming a misnomer as the CPU 
speeds creep up on ultra-portables, I think the term Netbook might just die away. 

Another option is that something like Android, Moblin or Ubuntu Netbook 
Remix will standardize the tiny-screen laptop market, and it will become more 
like a souped-up cell phone as opposed to a stripped-down notebook. One 
thing seems clear, the days of a 7-9" screen running a customized and minimal 
Linux distribution are fading away into history. Is the Netbook a dying fad or 
still an infant going through growing pains? Sadly, I think that depends on 
how hardware manufacturers choose to push their upcoming models. 

I certainly don't have the ability to see the future, but I hope the future of 
Netbooks doesn't continue along the path of adopting Microsoft Windows. 
Low-powered hardware just begs to have the Linux kernel running on it. If the 
interface could be something standard that ran familiar applications, we might 
have a chance to retake the entire Netbook market. Only time will tell, and only 
hardware manufacturers can pick the standard.— shrwn powers 


www.linuxjournal.com ju ly 2009 I 1 5 





















[UPFRONT] 


be—When Integers Aren’t Enough 


Most people have the need to do some kind of math when they are 
using a computer. In shell scripts, you can make integer calculations by 
using functionality in the shell itself. But what if that's not enough? 
Luckily, the POSIX standard includes a very useful command-line utility 
called be. With this, you can do arbitrary precision arithmetic. Actually, it 
is a complete, C-like language that can do some pretty sophisticated 
programming, supporting variables and functions. 

In be, numbers are all represented internally as a decimal number. 
They have a length, which is the total number of digits, and a scale, 
which is the number of decimal spaces. You can find these values by 
using the built-in functions lengthQ and scaleQ. For example, the number 
10.23 would have a length of 4 and a scale of 2. The variable scale 
holds the number of decimal places to keep when internal functions are 
executed. The default value is 0. be supports all number bases from 
2-16, with base-10 being the default. The input and output base of 
numbers can be set by using the variables ibase and obase. All of the 
basic mathematical operations are supported in be. You can multiply, 
divide, add, subtract, do mod and exponentiation. There are all of the 
standard comparison operations too. Less than, less than or equal to, 
greater than, greater than or equal to, equal to and not equal to all give 
results of 0 for false and 1 for true. This is very useful in the conditional 
statements available in be. 

be can be used in shell scripts or on the command line as a very 
effective calculator. It will read from a list of files given on the command 
line or read from standard input. On the command line, expressions 
simply can be echoed through a pipe to be: 

echo "1+1" I be 

The above will give the answer of 2. As a more complex example, 
the sine of 5 can be assigned to a shell variable with the following: 

RESULT^'echo s(5) | be -1' 

The -I command-line option tells be to load the math library, 
giving access to the trigonometric functions. 

As a bit of a contrived example, say there are two values and you 
need to find out which one has a larger sine. With the math library and 
the built-in comparison operations, you can do this with the following: 

echo "s(5) < s(10)" I be -1 

The result 1 is printed out on standard output, verifying that the 
sine of 5 is less than the sine of 10. be can print out a text string telling 
the user whether the result is true or false with the following: 

echo 'if (5(5) < s(10)) print "trueXn" else print "falseXn"' | be -1 

This prints out the word true. If this string is to be stored in a vari¬ 
able, the newline characters would be removed from the executable 
line. This value then can be used later in a shell script by saving it to a 
shell variable. 

What if you have a data file of input values and you want to apply 
some function to them? Say you need to calculate the logarithm base- 
10 of each value and dump it into another file. The following example 
takes a list of the first ten numbers, calculates the logarithm base-10 
of each number and writes the value into the file output.1st: 


LIST="0 123456789" 
for INPUT in $LIST 
do 

echo "1($INPUT)/1(10)" | be -1 >>output.lst 
done 

These examples already have done some useful work, but 
what if the requirements are more robust? Does this necessitate 
a move to a heavyweight math program, like Mathematica or 
Maple? Not necessarily. With be, you can create and use functions 
to make more complicated calculations. Even recursive functions 
can be written, like in this example to calculate a factorial: 

define f (x) { 

if (x <= 1) return (1); 
return (f(x-1) * x); 

} 

print "Factorial:"; factorial = read(); 
print f(factorial); print "\n"; 
qui t 

This can be dumped into a file called fact.be and run through be 
to get the factorial of some number by executing: 

be fact.be 

This script asks the user for a number and then finds the 
factorial. It can be used without interaction simply by feeding 
the number in to standard input with a pipe: 

echo 10 I be fact.be 

This prints out the factorial of 10 (3628800) to standard output. 
But, how fast can such a program be? For a variety of values run on 
a generic laptop, the following times were measured: 

10 0.004s 

100 0.004s 

1000 0.028s 

10000 3.099s 

These times were averaged over three runs to account for 
varying system load. It seems more than fast enough to be useful 
for a lot of heavy work. 

For a more scientific example, the following be script finds how 
long it takes for an object to fall from a series of heights: 

define t(h) { 
g = 9.81; 

return (sqrt(2 * h / g)); 

} 

Now there is no excuse for abandoning a shell script simply 
because it can't handle some mathematical problem. With be, you 
can do a lot of really useful work straight from the command line. 

Go forth and enumerate. 

— JOEY BERNARD 


1 6 I july 2009 www.linuxjournal.com 



[UPFRONT] 


STOP BURNING CDS; BURN 
USB DRIVES INSTEAD 


It seems that every week there's a new version of some Linux distribution available. 
I don't know about you, but I have enough burned "last version" CDs to build a 
very reflective fort in the backyard. I'm also really bad about labeling CDs when I 

burn them, so I 


end up burning 
the same CD 
over and over. 
Thankfully, there 
is help for people 
like me— 
Unetbootin. 

I did a video 
tutorial on this 
a while back, 
but the gist of 
Unetbootin is 
that you create 
a bootable USB 
drive instead 
of burning an 
installer CD. The 

application automatically will download the latest CD image, or you can create a 
bootable USB drive from an already-downloaded ISO file. Unetbootin even works 
in Windows, so if you're stuck with only a Windows machine, you can create a 
bootable USB drive to install our favorite operating system. 

The great thing is that USB drives are easily rewritable. Most modern systems 
will boot from them without issue. The only downside is that it's harder to build 
forts out of USB drives. So, unless you really want to build that highly reflective 
fort. I'd suggest checking out Unetbootin. 

Unetbootin video tutorial: www.linuxjournal.com/video/ 
creating-bootable-usb-instail-drives-unetbootin. 

— SHAWN POWERS 



Mobile Linuxjournal.com 


After reading all about mobile Linux this month. I'm guessing you might be 
in the mood to take your Linux Journal mobile too. If you haven't visited our 
mobile version at m.linuxjournal.com, you missed the chance to catch all 
the content you find on Linuxjournal.com formatted to fit your mobile 
device. Even if you have visited us on your mobile device, you may have 
missed the link to our mobile videos. Scroll down to the bottom of the 
screen, and you'll see a link to our videos on YouTube mobile, which 
provides our videos in 3gp format for your mobile device. Just think, now 
you can whip out Shawn Powers' tech tips any time and almost anywhere! 
Happy viewing! 

— KATHERINE DRUCKMAN 



EFl-X: When 
Dual Boot 
Isn't Enough 

I recently was contacted by the folks 
selling the EFI-X. It's a small USB 
device that allows EFI-booting operat¬ 
ing systems to boot on traditional 
BIOS-based machines. The big selling 
point for such a device is that it allows 
native booting of Apple OS X on 
off-the-shelf PC hardware. I couldn't 
get any specifics as to why a Linux 
user would benefit from such hardware, 
but at the same time, I guess it's useful 
to know Linux is fully compatible with 
EFI-booting technology. 

So although the $240 it takes to 
buy an EFI-X module won't really 
benefit your Linux install very much, 
if you want to install OS X on your 
trusty Linux machine, you now can 
do so. It most likely violates EULA 
terms with Apple to install on 
non-Apple hardware, but it doesn't 
require a hacked and pirated version 
of OS X to install. I bought an EFI-X, 
and OS X installed from the retail 
DVD right next to my Linux install. 

It takes a separate drive for each 
operating system, but I now have a 
triple-booting quad-core computer 
that cost less than $800. If you 
don't want to buy Apple hardware, 
but would like to dual- (or triple-) 
boot your system, check it out: 
www.expresshd.com. 

— SHAWN POWERS 


www.linuxjournal.com ju ly 2009 I 1 7 










































COLUMNS 


AT THE FORGE 


Checking Your Ruby 
Code with metric_fu 

REuvEN M. LERNER By Combining automated testing with automated code analysis, you can 
make your Ruby code easier to test and easier to maintain. 



Among programmers, there has long been a dispute 
between those who want a language to constrain 
them and those who want great flexibility. 

If you have been programming for a while, you'll 
understand the benefits that each side touts. A rigid 
language can help check your code, often using a 
compiler and a strict type system, to find potential 
problems before they make their way into produc¬ 
tion systems. By contrast, a more flexible language 
is designed with the knowledge that compiler 
and strict typing don't find all bugs and often 
force programmers to work around the system's 
constraints, rather than benefit from them. 

This brief description is little more than a carica¬ 
ture of modern programmer attitudes. But, it does 
point to a tension programmers often face when 
choosing a language. How much do you want the 
language to constrain you, and what trade-offs are 
you willing to make? Would you rather have a strict 
language that doesn't let you express yourself the 
way you want or a flexible language that won't stop 
you from doing something foolish or dangerous? 

Done correctly, testing actually can be 
better than a compiler and strict typing. 

Like many Web developers, I have come to 
prefer dynamic, flexible languages. I don't want 
the language to stop me preemptively from doing 
things, even if what I'm doing might seem crazy or 
weird. I've become quite a fan of Ruby over the last 
few years because of the balance it tries to strike. 

However, the lack of a compiler or other tool 
to perform regular sanity checks does bother me 
somewhat. I wouldn't ever claim that a compiler is 
the only tool a programmer should use to test the 
code, but it does perform a first-pass inspection 
that can provide some useful feedback. 

Fortunately, the Ruby community encourages the 
use of regular automated testing to ensure that 
code works in the way you expect. Done correctly, 
testing actually can be better than a compiler and 
strict typing. It can check the code at multiple levels, 
reflect actual use cases and serve as a sanity check 
not only for the code's syntax, but also for its logic 


and specification. Moreover, writing tests forces 
programmers to reflect on their work, chewing over 
how they have implemented a particular feature. 
Such reflection is an essential part of the learning 
process, and it offers programmers a chance to 
become better at their craft, as well as to write 
better programs. 

Automated testing, accompanied by automated 
analysis, thus, can help improve programmers, as 
well as improve the programs they write. So, I was 
delighted to discover metric_fu, a Ruby gem from 
Jake Scruggs and others that pulls together some 
of the best-known analysis tools in one convenient 
package for Rails programmers. The combination of 
these various tools—including rcov. Flay and Flog— 
makes it easy to locate potential problems in code 
you've written and improve it. Automated analysis 
tools won't ever provide you with 100%-accurate 
feedback, but it's always good to get this sort 
of input. 

This month, I look at metric_fu and some of 
the code-analysis tools it makes available to Rails 
programmers. It's true that metric_fu is "just" a 
wrapper for these individual tools, but by making 
them so easily available and integrated with the 
rest of your testing, you'll constantly be in a 
position to understand where potential problems 
might lie and to fix issues before they cause you 
any real trouble. 

Installing metric.fu 

metric_fu is a Ruby gem, which means you can 
download and install it with: 

sudo gem install metric_fu 

The metric_fu gem specification automatically 
requires a number of other gems that it uses, 
including rcov and Flog. So installing the metric_fu 
gem should mean your system is ready, without the 
need for additional downloads and installations. 

Assuming you are using metric_fu with Rails, 
you probably will want to tell Rails that it should 
look for and include the metric_fu gem. You can 
do this in modern versions of Rails by adding the 
following line to config/environment.rb: 


1 8 I july 2009 www.linuxjournal.com 






config.gem ']scruggs-inetric_fu', :version => '0.9.0', 

:lib => 'inetric_fu', :source => 'http://geins.github.coin' 

In other words, you want Rails to load the gem 
known as metric_fu, which can be downloaded 
from Github as jscruggs-metric_fu, version 0.9.0. If 
this gem does not exist, Rails will exit with an error. 

Finally, you must add a line to your Rails applica¬ 
tion's Rakefile, telling it you want to load the Rake 
tasks associated with metric_fu: 

require 'metric_fu' 

Once this is complete, you should find a number 
of new tasks, all of whose names start with metric, 
available in Rake. You can list them with: 

rake -T | grep metrics 

I typically run all the tests, which you can 
invoke with: 

rake metrics:all 

This runs all of the software metric_fu works 
with, a list that has grown somewhat in the 
last year. At the time of this writing, running 
metrics: all includes: 

■ churn: which files change the most? 

■ coverage: which parts of your code are tested? 

■ flay: which parts of your code are duplicated? 

■ flog: is your code unnecessarily complex? 

■ reek: does your code suffer from well-known 
bad practices? 

■ saikuro: how complex is your code? 

I cover a number of these tests in greater detail 
below. But, before continuing, it's important to note 
that metrics: all will fail to run all the tests if the 
rcov coverage tool encounters one or more errors. This 
isn't a problem if you test frequently, but it can bite 
you if you break a test and then run metrics: all. 

When you run the full report with rake 
metrics : all, metric_fu puts all the output files 
under your application's tmp/metric_fu directory. 
Each test has its own separate subdirectory and 
produces output in HTML for easy reading with 
a Web browser. The fact that the files are put in 
tmp/metric_fu makes them easy to find and view 
on a local system, but it requires that you move 
them into a Web-accessible directory (for example. 


public/tmp/metric_fu) if you want to view them 
from a remote machine. It should go without 
saying that you don't want this information to 
appear on a Web site that is publicly viewable, 
so be sure to password-protect or delete these 
reports to avoid unpleasantness. 

Although metric_fu's defaults work for 
most initial cases, you may find yourself wanting 
to customize one or more of its tests. You can 
do this within your Rakefile by adding a 
MetricFu::Configuration block and invoking config.*, 
where * is one of the tests that metric_fu brings 
in. For example, you can customize which tests 
run for :all with: 

MetricFu::Configuration.run do |config| 

config.metrics = [:coverage, :flog] 

end 

If you modify config.metrics to include only a 
subset of metric_fu's tests, you may find yourself 
puzzled when other tests fail. For example, if you 
were to set config.metrics to the above value of 
[:coverage, :flog], invoking rake metrics: reek 
would fail, with Rake complaining that it wasn't 
able to find such a task. 

Code Coverage 

Perhaps the best-known member of the metric_fu 
family is rcov, the Ruby code-coverage checker, 
written by Mauricio Fernandez, rcov invokes all 
your automated tests and then produces a report 
indicating which lines of your source code files 
were untouched by those tests. This allows you to 
see precisely which lines of each file have been 
tested, letting you concentrate on those paths that 
are highlighted in red (that is, untested), rather 
than writing additional tests for code that already 
has been tested. 

rcov, as invoked by metric_fu, produces two 
basic types of HTML output. One provides an 
overview of the pages of a site. This output, with 
red and green bar graphs, shows the percentage of 
each file that has been secured. If any of your files 
has a graph whose bar is partly red, this tells you 
on which files to concentrate your initial effort. 

But, once you have decided to make sure that a 
particular file has better test coverage, which lines do 
you improve? That's where rcov's individual file out¬ 
put comes in handy. It shows the source code of the 
file, with lines of the code in either green (to show 
that it was covered in tests) or red (to show that it 
was not). If you have any red lines, the idea is for you 
to add tests that force those lines to be covered next 
time around. And, of course, if there are red lines 
that don't need to be there, rcov has helped you 
refactor your code, making it leaner and meaner. 


www.linuxjournal.com ju ly 2009 I 1 9 



COLUMNS 


AT THE FORGE 


Reading rcov's output is pretty simple—you want 
everything to be green, rather than red. Any red is an 
invitation to write more tests or realize that the code 
is no longer in use and can be removed. 

One of the main reasons for testing your code is 
that it gives you some peace of mind when you make 
further changes. So, although you can refactor and 
otherwise change your code without 100% test cov¬ 
erage, it's always possible something will slip through 
the cracks. For that reason, rcov should be your first 
priority when using metric_fu. Once your code cover¬ 
age is high enough to ensure that new problems and 
changes will be detected, you can try to make your 
code better, without changing what it does. 

Flog 

Another tool that comes with metric_fu is Flog, writ¬ 
ten by Ryan Davis. Flog produces what it calls a "pain 
report", identifying code that it believes to be "tor¬ 
tured"—in such pain that you really should rescue it. 
Even if you disagree with some of its results, looking 
at Flog's output often can provide an interesting per¬ 
spective on your code's complexity. It measures variable 
assignments, code branches (that is, if-then and 
case-when statements) and calls to other code, 
assigning a score to each of those. The total Flog score 
is the sum of the individual items that Flog finds. 

As the Flog home page says, "the higher the 
score, the harder it is to test". Even if you're not 
worried about testing, you certainly should consider 
other programmers who might work on your project. 
Complex code is hard to maintain, and maintaining 
software is (in my view) a bigger problem than 
writing it. So, by looking at Flog's output, you 
can get a sense of how hard your code will be 
for someone else to understand. 

Flog produces what it calls a “pain 
report”, identifying code that it believes 
to be “tortured"—in such pain that you 

really should rescue it. 

metric_fu provides an FITML version of Flog's 
output. I demonstrate it here from the command 
line, where it can be run as: 

flog *.rb 

This produces a simple set of outputs, such as the 
following, which I got for a small project I recently 
worked on and didn't test or analyze much: 


181.0: flog total 
60.3: flog/method average 


72.5: UploadController#advertiser_file_action 
70.1: UploadController#whitepage_listing_file_action 

This would seem to indicate that my upload 
controller has two different methods, both of which 
have a relatively high level of complexity. I can get 
further information about these two methods by 
invoking Flog with the -details command-line 
argument. That gives me the following output, 
which I have truncated somewhat: 


-/Consult!’ng/Modi info/modi info/app/controllers$ flog --detaiIs 
upload_controller.rb 
181.0: flog total 
60.3: flog/method average 

72.5: UploadController#advertiser_file_action 
40.6: assignment 
17.3: branch 
4.8: split 
4.0: blank? 

3.2: strip 
3.2: params 
3.1: + 

3.0: map 
2 . 8 : [] 

2.1: downcase 

In other words, a large proportion of Flog's high 
score results from the large number of variable assign¬ 
ments in UploadController#advertiser_file_action. And 
sure enough, I have a bunch of variable assignments in 
that method, which led to a high score. For example, I 
wanted to display the number of uploaded records 
to the end user, and, thus, had the following code, 
assigning values to instance variables: 


if advertiser.save 

@number_of_successes = @number_of_successes + 1 
else 

@number_of_failures = @number_of_failures + 1 
@error_messages[index] = advertiser.errors 
next 
end 


I find this code easy to read and maintain, but 
Flog thinks otherwise, preferring a more functional 
style of programming, with methods chained together. 
This is one case in which I'll take Flog's assertions 
and scores into consideration, but I'll apply my own 
judgment regarding the complexity of my code and 
whether it needs to be changed or updated. 

Flay 

One of my favorite tools that comes with metric_fu 
is Flay, also by Ryan Davis, which looks for duplicate 


20 I july 2009 www.linuxjournal.com 





code. One of the key principles of good coding is 
DRY (don't repeat yourself), and Flay makes it easy 
to find places where your code could use some extra 
DRY-ness. By running: 

rake metrics:flay 

you will get a nicely formatted report showing 
the places where your code has exact duplicates 
(which are embarrassing and problematic 
enough) and structural duplicates. So, if you 
have the same variable assignment in multiple 
controllers. Flay will find those for you and will 
point to the need for refactoring. For example, 
the simple project on which I hadn't yet run Flay 
had three methods, each of which contained the 
following identical code: 

if params[ifilename].blank? 

flash[:notice] = 'No file was attached. Please try again.' 
redirect_to :back 
return 
end 


If this sort of code appears three times in the 
same controller, it means some refactoring is in 
order. In this particular case, I can remove the problem 
by putting this code into a separate method and 
then by defining a before_filter: 

before_fi1 ter :check_for_blank_filename, 

:only => [:residence_file_action, 

:advertiser_file_action, 

:whitepage_listing_file_action] 

Flere is the method, which looks (not surprisingly) 
just like the code that was duplicated: 

def check_for_blank_filename 
if params[:filename].blank? 

flash[:notice] = 'No file was attached. Please try again.' 
redirect_to :back 
return 
end 
end 

Re-running Flay indicates that I now have made 


Expert included. 

Art is the Silicon Mechanics education and research expert. Flis mission is to consult 
with academic and research institutions and offer them the most compute power they 
can get for their money. Recently he's been talking with them about significant advances 



in personal supercomputing. 



Silicon Mechanics and the Silicon Mechanics logo 
are registered trademarks of Silicon Mechanics, Inc. 
AMD, the AMD Arrow logo, AMD Phenom, and 
combinations thereof are trademarks of Advanced 
Micro Devices, Inc. 


The Flyperform FIPCg A2401 from Silicon Mechanics is a personal supercomputer 
with NVIDIA® Tesla™ GPU technology. This workstation starts with the 
AMD Phenom^M X4 processor, 8GB of DDR2 RAM, and it supports 
up to 8 hot-swap hard drives. With the addition of the NVIDIA 
Tesla C1060 GPU (or two, or three), the A2401 can 
outperform a small cluster—and it can do it without 
a cluster's noise, complexity, or cooling requirements. 

Best of all, it can do it without a cluster's price tag: 
the A2401 starts at a very user-friendly $3139. 

When you partner with Silicon Mechanics, you get 
more than high-end compute power at astonishingly 
affordable prices—you get an expert like Art. 


For more information about the Hyperform HPCg A2401 
visit www.siliconmechanics.com/TeslaPSC. 


TESLA- 

PREFERRED 

PROVIDER 































COLUMNS 


AT THE FORGE 


my code DRY-er than before, increasing its readability 
and making it easier to test. Sure enough, the Flay 
score for this controller dropped from 392 to 221. 
The measures are meaningful only relative to one 
another, but it seems undeniable that the code is 
now better, and the numbers reflect that. 

Flay can find subtler similarities as well, indicating 
where two pieces of code look similar to one another. 
For example, I had the following two lines in my 
code, in separate locations: 

(name, telephone, address, url, email, category_string) = 
line.split("\t").map { |f| f.strip } 

(company, telephone, address, url, email, category_string) = 
line.split("\t").map{ |f| f.strip} 

Flay noted that this code is almost identical and 
can be refactored to be a bit DRY-er. Would I actually 
change this code? Maybe and maybe not, but at 
least I'm more fully aware of it, which is important 
in and of itself. If and when I spend time refactoring 
this code. Flay will point to the first and most 
necessary areas that need attention. 

Reek 

Finally, I should mention Reek, a tool written 
by Kevin Rutherford, which also is invoked by 
metric_fu. Reek looks for "code smell" or code 
that doesn't follow commonly accepted style. This 
includes finding code duplication (similar to what 
Flay does), as well as long methods and poorly 
named variables. It also tries to find cases in which 
a method sends more messages to another object 
than to itself, which it calls feature envy, and 
methods that contain more than five lines of 
code, which are flagged as long. 

For example, regarding code I mentioned above, 
which read: 

(company, telephone, address, url, email, category_string) = 
line.split("\t").map{ |f| f.strip) 

Flay noticed that this code was duplicated. But 
beyond that, a one-letter variable name is almost 
always a bad idea, because it reduces the readability 
of the code. Sure enough. Reek will flag this code 
as having an "uncommunicative name" for the 
variable f. 

Even if I'm not totally sold on "Reek-driven 
development", as Rutherford describes on the Reek 
home page. Reek is a useful way to find potential 
problems and provide additional feedback on the 
program that I'm writing. 

Conclusion 

Because of its dynamism and flexibility. Ruby offers 


programmers the chance to do things that might 
lead to maintainability problems down the road. 
Fortunately, the Ruby community has produced a 
set of excellent tools for automated testing and 
analysis that make it possible to produce high- 
quality code that is easy for others to follow, test 
and maintain. metric_fu puts many of these tools 
into a single package, making it easy to run a 
variety of tests on your code.a 


Reuven M. Lerner, a longtime Web/database developer and consultant, is a PhD 
candidate in learning sciences at Northwestern University, studying on-line 
learning communities. He recently returned (with his wife and three children) 
to their home in Modi’in, Israel, after four years in the Chicago area. 


Resources 


The Ruby language comes with all modern 
Linux distributions, but it can be downloaded 
from www.ruby-lang.org. The Ruby on 
Rails framework for Web development is at 

www.rubyonrails.com. 

Like many modern Ruby gems, metric_fu is 
hosted at Github, a commercial git hosting 
service that offers free accounts to open-source 
projects. You can download metric_fu from 

github.com/jscruggs/metric_fu/tree/master. 

And, you can download rcov from github.com/ 
spicycode/rcov/tree/master, and Flay, Flog and 
Reek from github.com/seattlerb/flay/tree/ 
master, github.com/seattlerb/flog/tree/ 
master and wiki.github.com/kevinrutherford/ 
reek, respectively. 

Two excellent essays on the nature of program¬ 
ming languages, and depending on type systems 
and the compiler, are Steve Yegge's blog entry 
about the return of dynamic languages 

(steve-yegge.blogspot.eom/2008/05/ 
dynamic-languages-strike-back.html) and 

Bruce Eckel's essay on the use of testing instead 
of strong typing to ensure good code 

(www.mindview.net/WebLog/log-0025). 

Donald Schon's excellent book. The Reflective 
Practitioner, describes different ways professionals 
can and should reflect upon their work while they 
are engaged in it. Although Schon does not 
mention programmers per se, what he says is 
very appropriate for programming work and 
has convinced me why automated testing and 
analysis tools are so valuable. 


22 I july 2009 www.linuxjournal.com 








Polywell Linux Solutions 

More Choices, Excellent Service, Great Value! 

Serving the Industry for More Than 20 Years 




4TB $1,399 
STB $2,399 
12TB $2,999 

- Dual Gigabit LAN 
-RAID-5,6,0,1,10 

- Hot Swap, Hot Spare 

- Linux, Windows, Mac 

- E-mail Notification 

- Tower or Rackmount 


Netdisk 8000V 

Quiet Performance NAS Storage 


Fanless Silent ITX PC 

IG DDR2, Solid State Drive starts at $299 
Low-Voltage processor, Low-profile Add-on Available 

Excellent for Linux Appliance 


4U 24Bay 36TB Storage Server 

Hardware RAID-6, NAS/iSCSI/SAN Storage 
Mix SAS and SATA, 4 x GigaLAN or 10Gbit LAN 


Mini-1 U Server for Data Center ISP 

Dual-Core or Quad-Core Processor 
4GB to 8GB RAM, 2 x 500GB RAID HD 



Polywell OEM Services, Your Virtual Manufacturer 
Prototype Development with Linux/FreeBSD Support 
Small Scale to Mass Production Manufacturing 
Fulfillment, Shipping and RMA Repairs 


■ 20 Years of Customer Satisfaction 

■ 5-Year Warranty, Industry's Longest 

■ First Class Customer Service r 


SiS765.96S6 

liniix<;pilp<;@pnlj/wpll rnm 

WWW. polywe 11. CO m/us/Lx 



Polywell Computers, Inc 1461 San Mateo Ave.South San Francisco,CA94080 650.583.7222 Fax:650.583.1974 POLYWELL 

NVIDIA, nForce, GeForce and combinations thereof are trademarks of NVIDIA Corporation. Other names are for informational purposes only and may be trademarks of their respective owners. 




















COLUMNS 


COOKING WITH LINUX 


Linux, Thunderbird and 
the BlackBerry—a Love 


MARCEL GAGN£ 

Keeping various devices in sync with our Linux systems can be the source 
of nightmares for many. After all asking for an open-source solution that 
can keep millions of smartphones, cell phones, e-mail clients, contact 
databases and calendars on the same planet, never mind the same page, 
seems akin to asking for the moon—^to which Chez Marcel would like to 
ask, “Would you like a nice rich Merlot with that moon?” 




Excuse me, Francois, but what are you doing? Are 
you sending text messages while you should be 
getting ready for the restaurant to open? You aren't? 
Well, if you aren't texting, what are you doing 
hunched over that cell phone? Quoi? You are typing 
into three cell phones? My apologies, mon ami, but 
now I really have no idea what you are doing. Ah, 

I see, you're trying to update your contact list and 
calendars, and you can't think of a way to do that 
with your Linux system. But, three phones? One is 
your BlackBerry, and the other two phones belong 
to your aunt and your mother. Sigh...tech support 
for the family on restaurant time, Frangois? What 
am I going to do with you? Put those phones 
down, and I'll show you a better way to synchronize 
all those contacts. Quickly! I can see our guests 
arriving even now. 

Good evening, everyone, and welcome to Chez 
Marcel, where excellent Linux and open-source 
software finds its match with exquisite wines. 
Please, sit and make yourselves comfortable, mes 
amis. Frangois was just getting ready to make his 
way to the cellar to get tonight's wine. Flurry, mon 
ami, and bring back the 2005 Vina Requingua 
Puerto Viejo Merlot from Chile that we were 
sampling, er, submitting to quality control earlier 
today. Vite, mon ami! 

While we wait for his return, let me tell you 
about Frangois' dilemma. He has multiple portable 
devices, including a BlackBerry, an Android phone 
and a Motorola RAZR, all of which he wants to 
synchronize with Evolution on his Linux notebook. 
On the store workstation, he uses Thunderbird 
instead, and at home, something else. Getting 
those contact lists, calendars and so on synchro¬ 
nized is easier than it sounds, and it all can be 
done with Linux and open-source software. 


All this is possible, and easy, with a great little 
package from a company called Funambol. The 
software itself also is called Funambol, and it is 
freely distributed and open source. Essentially, it's 
a program that lets you perform over-the-air (also 
known as OTA) synchronization of your contacts, 
calendars and so on, using your cell phone or 
smartphone, desktop contact management software 
(Evolution, Thunderbird, Outlook and so forth) and 
other hardware. Part of the magic behind all of it 
is SyncML (Synchronization Markup Language), 
which also is known as Open Mobile Alliance 
Data Synchronization (OMA DS). SyncML is an 
open standard for synchronizing information, 
such as calendars and contacts, that is platform- 
independent. Several mobile phone manufacturers, 
such as Motorola, Nokia and Sony Ericsson, 
already include SyncML in their devices. SyncML 
also supports e-mail, which is handy for those 
needing (or just plain wanting) an alternative to 
proprietary products, like the BlackBerry. 

Funambol consists of a server component and a 
client for your device or application. Start by getting 
your copy of Funambol server from funambol.org, 
and save it somewhere on your system. The package 
file, with a .bin extension, needs to be made executable 
before you execute it: 

chmod +x funambol-7.1.bin 
./funambol-7.1.bin 

The whole thing takes only a few seconds. The 
steps that follow are extremely simple. Type yes at 
the "agree to the above terms" prompt (it's the GPL 
version 3). You'll be prompted for an installation 
directory which, by default, is /opt. It's best to 
accept the default unless you have a very good 


24 I july 2009 www.linuxjournal.com 









iX-Neutron 



A Star Among Servers 




PROFESSIONAL SERVERS FOR YOUR BUSINESS 


In striving to bring our customers faster, more reliable servers, iXsystems, Inc. introduces the new 
iX-Neutron server line. The iX-Neutron server series brings intei’s® newest chip technologies to your 
business to provide an astronomicaily fast famiiy of machines. The intel® Xeon® Processor 5500 Series 
utiiizes these technoiogies to greatly increase speed, performance, and memory capacity, whiie saving 
energy simultaneousiy. The processor performance scales dynamically based on the requests and 
demands of the system. Visit us at http://www.iXsystems.com/neutron for more information and pricing. 



iX-N1204 

• 1U Form Factor with 4 Hot Swap 
SAS/SATA 3.5” Drive Bays 

• Duai intel® 64-Bit Socket 1366 
Quad-Core or Dual-Core, Intel® 
Xeon® Processor 5500 Series 

• Intel® 5520 Chipset with QuickPath 
Interconnect (QPI) 

• Up to 96GB DDR3 1333/1066/800 
^ SDRAM ECC Registered Memory 

(12 DIMM Slots) 

• 2 PCI-E 2.0 x8 or 1 PCI-E x16 
Expansion Siots 

• Intei® 82576 Duai Port Gigabit 
Ethernet Controlier 

• Matrox G200eW Graphics 

• Remote Management-iPMI 2.0 + 
IP-KVM with dedicated LAN 

• Slim DVD 

• 650W Redundant 80%+ High Efficiency 
Power Suppiy 



iX-N2280 

• 2U Form Factor with 8 Hot Swap 
SAS/SATA 3.5” Drive Bays 

• Dual Intel® 64-Bit Socket 1366 
Quad-Core or Duai-Core, Intei® 
Xeon® Processor 5500 Series 

• Duai Intei® 5520 Chipsets with 
QuickPath interconnect (QPI) 

• Up to 144GB DDR3 1333/1066/800 
SDRAM ECC Registered Memory 
(18 DIMM Siots) 

• 2 PCi-E 2.0 x16, 4 PCI-E x8, (1 In 
x16 slot) and 1 PCI-E x4 Expansion 
Siots 

• Intel® 82576 Dual Port Gigabit 
Ethernet Controiler 

• Matrox G200eW Graphics 

• Remote Management-IPMI 2.0 + 
IP-KVM with dedicated LAN 

• Siim DVD 

• 700W Redundant 90%+ High Efficiency 
Power Suppiy 



iX-N3216 

• 3U Form Factor with 16 Hot Swap 
SAS/SATA 3.5” Drive Bays 

• Dual Intel® 64-Bit Socket 1366 
Quad-Core or Duai-Core, Intel® 
Xeon® Processor 5500 Series 

• Duai Intel® 5520 Chipsets with 
QuickPath Interconnect (QPI) 

• Up to 144GB DDR3 1333/1066/800 
SDRAM ECC Registered Memory 
(18 DIMM Siots) 

• 2 PCI-E 2.0 x16, 4 PCI-E x8, (1 in 
x16 slot) and 1 PCI-E x4 Expansion 
Siots 

• intel® 82576 Dual Port Gigabit 
Ethernet Controiier 

• Matrox G200eW Graphics 

• Remote Management-iPMI 2.0 + 
IP-KVM with dedicated LAN 

• Siim DVD 

• 800W Redundant 80%+ High Efficiency 
Power Supply 


800-820-BSDI 

http://www.iXsysteiins.conn 

Enterprise Servers for Open Source 




Intel, the Intel logo, and Xeon Inside are trademarks 
or registered trademarks of Intel Corporation in the 
U.S. and other countries. 


Powerful. 

Intelligent 




COLUMNS 


COOKING WITH LINUX 


reason to do otherwise. The resulting folder will be 
/opt/Funambol. Once the product has been extracted, 
you'll be asked whether you want to start the 
server. Type yes and continue on. To make sure 
things are working properly, point your browser to 
http://localhost:8080/funambol/ds, and you should 
get status information back from the Funambol 
data synchronization server (Figure 1). 


^ http://localhost:8080/funambol/ds/ - Konqueror ? 

_ n X 

Location £Hit View Qo gookmarics Tools Settings Window Help 

Q, -; Q, o o t a i ^ 

0 

^ Lycdliuii: | v http7/localhost:8080/funambol/ds/ 


hunambol Data Synchronization server v./.l.e 



MdiisFuiidiibul 
Mod-DS Server] 
SwV-7.1.0 
HwV-- 


0EM-- 

OevID^fuiMabol 

DevTyp-server 

VerDTD-1.2 

UTC-liue 

SupportLarqeobis-true 
SupportNumberOtChanges-true 
ExIbX- fuiicnabol-snidr Islww 


'Retrieving 224 B from localhost... 


Figure 1. A Quick Test to Make Sure the Server Is Up 
and Running 

Of course, if you aren't running this test directly 
on the server, you'll want to change localhost to the 
hostname or IP address of the server. 

Funambol also comes with a simple Web 
app to test the contact as well as calendar cre¬ 
ation and update before you turn it over to 
your mobile device. Point your browser to 
http://localhost:8080/funambol to bring up the 
demo page. You won't be able to do a great 
deal at this point, other than read the terms and 
conditions and test a very limited Web client. That 
demonstration will allow you to log in as guest with 
a password of guest and create contacts (Figure 2) 



Figure 2. The Web client demo lets you create calendars 
and contacts, making it a better test. 


or a calendar entry. Once you have done so, update 
a record or two, and make sure the changes are 
being saved. 

Now that you know it works, you still can't do a 
great deal with Funambol in this form. In order to 
do more interesting things, you need to do a little 
system configuration. On the server side, there is a 
graphical administration tool. You can start it from 
the command line like this: 

cd /opt/Funambol 
admin/bin/funamboladmin 

A couple seconds later, you'll see the Funambol 
administration tool appear (Figure 3). To use the 
administration tool, you first need to log in. If you 
don't see the login window up front, click File on 
the menu bar, and select Login. By default, the 
admin password, sa, already is set (you always can 
change it later), but for now, simply click Login. 


--- 

tli. MW* *1 




1 

li 

i 

j 




?5S-! 





rijnirf«H)l Mrrtfn^ji4il(inTiM0l 



11 


T, 


r 1 ^. II fiii^ 

a 

\si 




zl 

* 


Figure 3. Funambol Administration Tool and Login Screen 


The Funambol administration tool is divided into 
three panes: a navigator pane fills the top left half, 
an admin tool pane is at the top right, and a status 
pane is located along the bottom (Figure 4). Take a 
look at the navigator window, and you will see your 
system's domain name at the top. To expand the 



Figure 4. On the left, you can see the Funambol administration 
tools system navigator with several expanded properties. 


26 I july 2009 www.linuxjournal.com 



































































Celebrating 15 years of Unux Journal, 

we've brought together every article 
ever published in the world's #1 
Linux magazine and packaged it 
in one convenient CD. 



With nearly 4,000 articles written by industry experts on everything from cool projects, desktop how-tos, 
security, embedded systems, networking, virtualization, multimedia, system administration and 
programming tricks and techniques—this unique collection is a must-have for every Linux enthusiast. 


Get your NEW Linux Journal Archive CD today featuring 
all issues from 1994 through 2008. Just $34.95. 


www.linuxjournal.com/archivecd 







COLUMNS 


COOKING WITH LINUX 



Figure 5. Using the Tool to Change the Admin Password 

system tree, click the switch icon next to the domain 
name. You'll then see Server Settings (which expands 
into its own subtree), Users, Devices, Principals and 
Modules. That last one also expands into several 
other branches. To see how this all works and how 
you can configure and change things, let's deal with 
that admin password right now. 

Double-click on Users and look at the admin 
tool window (Figure 5). The Search Users tool 
appears. You can search by user name, first name, 
last name and e-mail address. Enter admin in the 
search box beside Username, and click the Search 
button (notice that you can search by a part of the 
name as well as position of the text by clicking the 
drop-down box beside the label). Only one admin 
name should show up, so it naturally will be high¬ 
lighted. If you did this by searching for part of a 
name, and you had multiple names, you would, of 
course, need to select the correct name. 

Click the Edit button, change the password, and 
then save your changes. That takes care of control¬ 
ling access to the tool. Your next step is to define 
access to the system. As it stands, your Funambol 
implementation allows connections only from localhost 
and then only to a limited set of users. You need to 
change that. Double-click on Server Settings in the 
navigator window. Now, look to the left and locate 
the Server URI field in the settings window (Figure 6). 

Enter the hostname (or the IP address) of your 
server, then click Save. You should see a confirmation 
message in the status window below. It should look 
something like this: 

http://yourdomain.com:8080/funambol/ds 

Believe it or not, that's pretty much it on the 
server end. Now, let's take a break, have Frangois 
refill everyone's glass, and then let's see what we 


Wl*! S»fver m 


ltv« . 
OlOwrutii' 




Drritt invtntary. 
baa* inatrannrr ■ 
Sltdew 
Uirr Riwagrr 
SMS icniic. 


/iruiifviaicr/DailaTiwirgi 


VaBi/fun»«nbal/<ani»T/»i>ginf/MnitagYin»l 


;ig*i/run«nibal/i«fv«r/«4niin/btU>ciM*n«s«iJiinl 
(aia/funMnbal/iargrrMniiriM^SarMra xml 


I Canfigutf 
] f Cgaflguic 


Figure 6. As a final first step, you need to configure the URI 
to the Funambol service on your server. 

need to do on the BlackBerry end of things. 

The first step is to install the BlackBerry client, which 
you can find at https://www.forge.funambol.org/ 
download/downloads-bb.html. You will see an 
e-mail client in addition to the sync client, but, for 
the sake of this article, let's just concentrate on the 
sync client. Make sure you get the right client for 
your particular BlackBerry OS version. 


I this article, I concentrate on 

MM ■ BlackBerry synchronization with 

a Linux system, but remember that Funambol offers 
sync clients for many different mobile devices 
and smartphones. Simply point your browser to 
www.forge.funambol.org/download to find 
the right client for your mobile device. You even 
can sync your Android phone. 


Once installed, you will see the Funambol 
BlackBerry sync icon in your list of applications on 
the BlackBerry screen (Figure 7). 


1:50 PM 11 E Q-o 

ROGERS-SebaTris 


3G-rT..iil 




0 


o 


B a s n 


oo )))Da( 
D QQ\ 


n 


Funambol BlackBerry Sync 


Figure 7. The Funambol Client Icon as It Appears on My 
BlackBerry 


28 I july 2009 www.linuxjournal.com 


















































ITis Continually 

Evolving, Be Sure 


to Keep Up. 


Attend the most comprehensive IT events of the year, 
and gain the end-to-end views on enterprise technology 
that will help you keep up with the evolving needs of 
your data center. 


^ Complimentary events for qualified attendees! 



trimS^RLD. 


()penSource 

* world 


co-located with 


<|;nc;dc 


NEXT GENERATION DATA CENTER 


and 


Cloudlllorld 


Three events. Tangible benefits. Immediate results. 

From cost-effective, open source solutions and data center tools to cloud computing 
strategies, these events cover integrated, enterprise technologies aimed at increasing 
data center efficiency and reducing costs. The co-location of OpenSource World, NGDC 
and CloudWorld provides a unique value proposition that will maximize learning and use 
your time away from the office efficiently. 

These events will enable you to: 

• Take home solutions and best practices that will immediately increase data center 
efficiency, while saving on IT costs. 

• Get an in-depth look at technology trends and meet face-to-face with leading 
solutions providers. 

• Meet with peers and share case studies for data center management, open source 
adoption, cloud computing implementation and much more. 


REGISTER NOW to Qualify for Free Attendance! 
www.opensourceworld.coni 

Attendance is limited to IT and business professionals who meet qualifying criteria. 


For sponsorship opportunities, visit www.opensourceworid.com 

AN *IDG WORLD EXPO EVENT 


AUGUST 12-13,2009 


MOSCONE CENTER WEST 


SAN FRANCISCO, CA 


www.opensourceworld.com 


















COLUMNS 


COOKING WITH LINUX 


This is all wonderful, because the 
Funambol server effectively is keeping 
an over-the-air backup of your data— 
handy if you ever need to reload it. 


Click the icon, and you should see a status 
screen showing Contacts, Calendar, Tasks and 
Notes, all with Not Synchronized below the labels. 
To perform a sync, you need to configure the client. 
Press the menu key on your BlackBerry, and select 
Settings (Figure 8). 


jpunambol BlackBerry Sync 


1^1 Contacts 

^ Not Synchronized 




Sync All 

Sync Contacts 

Go to Contacts 




Hide 


Settings 

Reset 

Help 



client update your information every 30 minutes 
(the default) or whatever period makes sense to 
you. That feature is not turned on unless you 
specify otherwise. 

When you're done, save your settings (on my 
BlackBerry, I just press the trackball or the back 
arrow). You'll find yourself back at the status screen, 
and now you're ready to synchronize for the first 
time. Press the menu key, and select Sync All from 
the menu. The Funambol client will connect with 
your server and start transferring the information on 
your BlackBerry. Underneath the labels for Contacts 
(and Calendar and so on), the client will show how 
many records are being transferred. Once complete, 
the status screen lists the last successful sync for 
each resource (Figure 10). 


Funambol BlackBerry Sync I 

(4?^ Contacts 

^ Today at 1:53 PM 

o 

Calendar 

Today at 1:55 PM 


(jq Tasks 

Today at 1:55 PM 


^ Notes 

Today at 1:55 PM 




Figure 8. Press the menu key to configure the client settings. 


When the Funambol client configuration screen 
appears (Figure 9), enter the URI for your machine's 
Funambol server. This is the same address that you 
entered when you configured the server. You also 
must enter your user name and password—that's 
your Linux server user name and password. A little 
farther down that screen, there are check boxes 
beside labels to Sync Contacts, Sync Calendar, Sync 
Tasks and Sync Notes. These are all checked by 
default, but you may decide you don't want to sync 
all those resources, so change it here if you like. You 
also can configure a scheduled sync and have the 


■Settings 


Server Location: 

http://yourdomain.com: 8080 / 

funambol/ds 

Username: 

marcel 

Password: 

+::<c4: :<c| 


Figure 9. Funambol BlackBerry Client’s Configuration Screen 


Figure 10. During synchronization, the status screen shows 
you the number of records transferred. Once complete, you 
can see the latest sync at a glance. 

This is all wonderful, because the Funambol 
server effectively is keeping an over-the-air backup 
of your data—handy if you ever need to reload it. 
But, what if you use another client on your Linux 
desktop for e-mail, contacts and appointments, 
such as Evolution or Thunderbird? Funambol 
provides download clients for these and others 
as well. Figure 11 shows a screenshot of a pretty 
desolate-looking address book in Thunderbird. 



Figure 11. My Thunderbird Address Book, without Any Contacts 


30 I july 2009 www.linuxjournal.com 









































SECURITV SVNPOSIUN 

Montreal, Canada August 10-14,2009 

Join US for a 5-day tutorial and refereed technical program for security 
professionals, system and network administrators, and researchers. 



2 Days of In-Depth Tutorials Taught by 
Industry Leaders, Including: 

Frank Adelstein & Golden G. Richard III on Learning Reverse 
Engineering: A Highly Immersive Approach (2 Day Class) 

Patrick McDaniel & William Enck on Building Secure Android 
Applications 

Phil Cox on Securing Citrix XenServer and VMware ESX 
Server 


Keynote Address 

Rich Cannings and David Bort of Google on the Android Open 
Source Project 


Technical Program 

26 refereed papers presenting the best new research in a variety 
of subject areas, including malware detection and protection, 
securing Web apps, and applied crypto 


Invited Talks by Experts, Including: 

• Jeremiah Grossman, WhiteHat Security, on "Web Security" 

Alex Sotirov on "Modern Exploitation and Memory Protec¬ 
tion Bypasses" 

David Dagon, Georgia Institute of Technology, on bots 


Co-liocated Workshops: 
E VT/WOTE '09 

2009 Electronic Voting 
Technology Workshop/ 
Workshop on Trustworthy 
Elections 

August 10-11,2009 


CSET '09 

2nd Workshop on Cyber 
Security Experimentation and 
Test 

August 10, 2009 


WOOT'09 

3rd USENIX Workshop on 
Offensive Technologies 
August 10, 2009 


HotSec '09 

4th USENIX Workshop on 
Hot Topics in Security 
August 11,2009 


MetriCon 4.0 

Fourth Workshop on Security 
Metrics 

August 11,2009 


Register by July 20,2009, and save! 


www.usenix.org/sec09/lj 



















COLUMNS 


COOKING WITH LINUX 



Figure 12. The plugin you need for Thunderbird is avail- 

Configuring the able from the Funambol community download 

Funambol page. Download it, and save it to a local 

Thunderbird Plugin directory. Once that's done, click Tools on the 

Thunderbird menu bar and select Add-ons. When 
the Add-ons window appears, click the Install 
button, and navigate to the folder where you 
stored the file, then click on it and install it. Once 
finished, Thunderbird needs to restart to load the 
new extension. After Thunderbird restarts, you 
must configure the Funambol client to connect to 
your server. Click Tools from the menu bar, and 
select Funambol plugin. When the Funambol PIM 
Plugin window appears, click the Options button, 
and you'll see a screen that, although shinier 
than the one on the BlackBerry, is similar as it 
asks for the same information, namely the server 
URL, user name and password (Figure 12). Enter 
the information, then click Close. 

That's it. To synchronize Thunderbird with the 
contacts from my BlackBerry, all I do is click the 
Synchronize button and wait while my contacts 





® : 



o 


You have selected to synchronize: 



Contacts 

Receiving new items 412 


Close 


Figure 13. The Thunderbird Sync Plugin Flappily Doing What 
It Is Built to Do 


are transferred (Figure 13). How long this 
takes depends, of course, on how much informa¬ 
tion is being synchronized and how fast your 
connection is. 

In this way, I can keep my desktop client in 
sync with my BlackBerry and the server itself. 

As an added bonus, I get over-the-air backup 
with my own server without having to shell 
out the dollars for a BES server. Funambol, 

Linux and my BlackBerry—it's a match made in 
open-source heaven. 

With the help of Funambol, a great open- 
source application, you (and Frangois), can keep 
all that personal information in sync without 
having to resort to entering the information 
manually or paying huge sums of money for a 
special server running proprietary code. Well, 
mes amis, the time is finally upon us. That old 
clock on the wall says closing time has arrived 
yet again. Frangois will be happy to refill your 
glasses a final time while we say our goodbyes 
to one another. Please, mes amis, raise your 
glasses, and let us all drink to one another's 
health. A votre sante! Bon appetitim 


Marcel Gagne is an award-winning writer living in Waterloo. Ontario. He is the 
author of the Moving to Lw series of books from Addison-Wesley. Marcel is also 
a pilot a past Top-40 disc jockey, writes science fiction and fantasy, and folds a 
mean Origami T-Rex. He can be reached via e-mail at marcel@marcelgagne.com. 
You can discover lots of other things (including great Wine links) from his Web 
sites at marcelgagne.com and cookingwithlinux.com. 


Resources 


Funambol: funambol.org 

Funambol Downloads Page: 

https://www.forge.funambol.org/download 

Funambol Community Projects: 

https://www.forge.funambol.org/participate/ 

projects.html 

Mozilla Thunderbird: 

www.mozilla.com/thunderbird 

Open Mobile Alliance (the Home of SyncML): 

www.openmobilealliance.org 

Marcel's Web Site: marcelgagne.com 
Cooking with Linux: cookingwithlinux.com 
WFTL Bytes!: wftlbytes.com 


32 I july 2009 www.linuxjournal.com 






















































ENTERPRISE DATA SECURITY 

CONFERENCE & EXPO 


REGISTER NOW 
FOR SUPER EARLY 
BIRD SAVINGS 

www.scworldcongress.com 


INCOMPARABLE 

SC World Congress provides the 
most security education bang for 
your buck (whatever the currency) 
of any event on the planet. 

COMPELLING 

Every session is packed with 
actionable information conveyed 
by experts in innovative formats. 

REACH 

A global network provided by 
more than 75 media partners 
is unsurpassed in the industry. 

LOCATION 

SC World Congress moves to 
the heart of the world’s business 
capital in a new, high-quality 
hotel environment. 



Announcing your best value proposition in 
information security education & networking 


Sheraton New York 
Hotel & Towers 



Cybersecurity threats are recession-proof. 
Increasingly sophisticated attacks on your 
organization’s vital IT infrastructure occur 24/7. 
Cost-effective strategies are required to meet 
these challenges. You’ll get them at the second 
annual SC World Congress. 


To register and for information, 
visit www.scworldcongress.com. 

To exhibit or sponsor, contact 
Mike Alessie at 646-638-6002 or 
mike.alessie@haymarketmedia.com. 


Emphasizing quality content, innovative formats, 
global perspectives and ROI, you can’t afford 
to miss this event. 


The breadth and depth of security topics 
covered at the SC World Congress 2008 was 
fantastic. Experts from government, banking, 
academia and more offered cutting-edge 
insights. I highly recommend attending.” 


- Dan Lohrmann, chief technology officer, state of Michigan 






llB 


record 

setting 








>w»Brs 













COLUMNS 


WORK THE SHELL 



DAVE TAYLOR 


Parsing Command-Line 
Options with getopt 

Make your shell scripts more flexible and more command-line-friendly 
by accepting command-line arguments/flags. 


I've talked before about how I am a lazy shell 
script programmer. It might be because I'm simply 
not a full-time professional software developer, and 
I don't even administer my own servers anymore—I 
outsource the job to Wisconsin. 

Regardless of how much I program nowadays 
though, I still find myself needing simple little 
applications—tiny programs that do one simple 
task well. 

And, then there are the throwaway scripts 
that stick around, ultimately becoming a mainstay 
of one's toolkit, spreading out to cover multiple 
functions and mysteriously growing to 100 lines 
or more. 

I have one of those in my toolkit, a script that 
originally was intended simply to figure out the 
dimensions of a graphic file and produce the proper 
height and width attributes for an HTML image tag. 

Now the script scale.sh has grown to 133 lines 
and does a variety of different, albeit related tasks. 
No surprise, it's also grown to have a variety of 
command-line arguments, as shown here: 

$ ./scale.sh 

Usage: scale {args} factor [file or files] 

-a use URL values for APparenting.com site 
-b add Ipx solid black border around image 
-i use URL values for intuitive.com/blog site 
-k KW add keywords KW to the ALT tags 
-r use 'align=right' instead of <center> 

-s produces succinct dimensional tags only 

A factor 0.9 for 90% scaling, 0.75 for 75%, or max width in pixels. 
A factor of '1' produces 100%. 

Crack open the code, and you'll see my dirty 
little scripting secret—a very sloppy approach to 
parsing command-line options: 

if [ "$1" = "-a" ] ; then 

baseurl = " WWW. apparenting.com/Images/"; shift 
fi 

I did warn you that I was a lazy programmer, 
right? This is a pretty classic way to parse and 


process command-line arguments, actually. Check 
the value of $1, and if it's a known flag, change a 
default variable or two, then use the shift command 
to move $2 ^ $1, $3 ^ $2 and so on, effectively 
deleting the processed flag from the command¬ 
line args. 

The problem is, when you have more than one 
or two flags, this really doesn't work. I step through 
the command flags alphabetically in my script—for 
example, invoking the script as scale -r -a will 
fail. It'll process the -r flag but never see the -a and 
generate an error condition. 

Fortunately, there's a very nice Linux command 
called getopt that lets you parse through your 
command flags in a far more sophisticated manner. 

getopt In Shell Scripts 

The getopt command first requires that you let it 
rearrange how your command flags are organized, 
then you use the set command to update all 
the positional variables. After that, you can 
step through the positional variables with a 
case statement. 

The first step is: 

args='getopt FLAGS $*' 
set -- $args 

where FLAGS should be the individual letters of 
known and accepted command flags. If a flag has 
an argument that goes with it (like -s 30), append 
a colon to it. 

For my script, it looks like this: 

args='getopt abik:rs %*' 
set -- $args 

To see what happens, I've added a bonus echo 
statement. Here's the result: 

$ scale -abs -k fdsf 100 *png 

args = -a -b -s -k fdsf -- 100 blooeeh.png 

As you can see, getopt separates out each and 
every command flag and adds a - flag that indi¬ 
cates when the command flags end—simple, really! 


34 I july 2009 www.linuxjournal.com 







Now that the args have been restructured, parsing is 
relatively easy, though it looks pretty complicated (warning. 
I've stripped out a few clauses for simplicity): 

for 1; do 


case 

"$1 

" 1 n 

-a 

) 

baseur1=" WWW. apparenting.com/Images/ 
shift :: 

-k 

) 

keywords^" ($2)" 
shift ; shift ;; 

-s 

) 

verbose=0 

shift ;; 

esac 

) 

shift; break ; ; 


done 

Let's read this backward. At the -- option, the loop will 
exit due to the break. Until that's hit, the for loop will just 
keep iterating, stepping through all the flags specified. This 
is how the order of the flags becomes irrelevant. 

Each time a flag is matched, the desired action is taken, 
variables are set and so on, then the shift command shows up 
again to move all the command flags down one (for example, 
$2 to $1, $3 to $2 and so on). 

Shell script case statement matching lines are all in the 
form of: 

regex ) actions ;; 

The double semicolon is an oddity, but that's how you indicate 
the end of an individual case match, hence the notation 
shown above. 

Grabbing the argument for the -k flag is easy too, because 
getopt has made sure that it's a separate argument, and 
since we're using shift as we go along to move things 
around, $2 will always be the argument itself. 

Finally, also notice that as a stylistic approach, I have the 
double semicolon with a leading space. That's just so when 
I eyeball the script, I quickly can recognize if there are any 
cases that are missing the double semicolon. 

The only piece missing is some error handling, because 
right now, if a bad flag is encountered, here's what happens: 

$ scale -ax 100 *png 
getopt: illegal option -- x 

Nice, but the script doesn't catch the error condition or 
stop running—not so good. 

To fix it, immediately after the call to getopt, simply test 
the return code: 

if [ $? != 0 ] ; then . .. 

In the conditional, you probably would put a usage statement 
and an exit command. For my script, I actually also test 
to ensure that there are a minimum of two arguments on 
the command line as well, because the script is never valid 


without them: 

if [ $? != 0 -0 $# -It 2 ] : then 
echo "" 

echo "Usage: scale {args} factor [file or files]" 
echo "" 

... stuff skipped ... 

exit 0 
fi 

At this point in our shell script writing journey, I certainly 
hope you can read that rather cryptic conditional statement 
and understand what it does. 

Ultimately, it's a bit of work to parse command-line flags 
the right way, but it makes for a far more flexible and robust 
shell script. ■ 


Dave Taylor has been involved with UNIX since he first logged in to the on-line network in 1980. That 
means that, yes, he’s coming up to the 30-year mark now. You can find him just about everywhere 
on-line, but start here: www.DaveTaylorOnline.com. 


Liberty Health 

Software Foundation 

presents: 


FOSSHealth 09 
unconference 



Use the registration 

code of 'ijmag' for libertyhsf.org 
$100 off registration. 


www.linuxjournal.conn ju ly 2009 I 35 











COLUMNS 


PARANOID PENGUIN 



MICK BAUER 


Building a Secure Squid 
Web Proxy, Part III 

Tighten the controls on your Squid Web proxy. 


We've been building a secure Squid Web Proxy the 
past few months, and we'll continue to do so for a 
couple more. Last time [May 2009], we got Squid 
installed, running and restricted to serve only local 
clients (based on their IP addresses). This month, we 
delve deeper into Squid's Access Control List (ACL) 
capabilities and other built-in security features. 

ACL Review 

As you may recall from my last column, all we 
had to do to get Squid running on a standard 
Ubuntu 8.04 system was add two lines to the 
file /etc/squid/squid.conf: 

act mick_network src 10.0.2.0/24 
http_access allow tnick_network 

We inserted those two lines, which allow outbound 
proxy connections from clients whose IP addresses 
fall within the network 10.0.2.0/24 (that is, addresses 
10.0.2.1 through 10.0.2.254), right above Squid's 
default "deny all" ACL, which looks like this: 

http_access deny all 

You can correctly infer from this that, by default. 
Squid denies proxy connections from all clients. This is 
a refreshing change in default server application con¬ 
figurations during the past few years. Whereas in the 
past, many applications had default configurations 
that would "just work", which is a very user-friendly 
but also excessively open stance, nowadays few net¬ 
work applications will do much of anything without 
some administrative intervention. This is only sensible. 
Connecting things to the Internet that you don't even 
know how to configure is the way of pain. 

Getting back to our example ACL, the acl state¬ 
ment itself is fairly self-explanatory: acl tells Squid 
we're defining an ACL; mick_network is its name; 
src indicates it matches the client's source IP 
address or network address; and 10.0.2.0/24 is 
the network address in CIDR notation that will 
match this ACL. 

This is the simplest type of ACL and still one of the 
most useful. In February 2002, if the New York Times 
had had a simple source-1 P/network ACL correctly 
configured on its Internet-facing corporate Web 


proxies, the rogue hacker Adrian Lamos couldn't have 
gained access quite so easily to its editorial-page 
contributor database or its Lexus-Nexus portal. 

ACLs in More Depth 

Besides clients' (source) IP addresses. Squid also can 
match a great deal of other proxy transaction char¬ 
acteristics. Note that some of these deal with arcane 
HTTP headers and parameters, many of which are 
minimally useful for most Squid users anyhow. 

I've presented the full range of possible ACL 
types to give you a taste for how rich Squid's 
ACL functionality is. Needless to say, however, 

I can't cover usage scenarios for (or even ade¬ 
quately explain) all of these. ViServe's "Squid 2.6 
Configuration Manual" (see Resources) gives 
complete syntax and usage examples for all. 

Many, if not most. Squid installations don't go 
much beyond a few src ACLs, along with perhaps a 
few simple dstdomain blacklist entries thrown in for 
good measure. Many of the other most useful ACL 
types, such as myip, time, port, proto, method, 
dst_mime_type and rep_mime_type, should be 
reasonably self-explanatory (or at least easy 
enough to understand from the examples shown 
in squid.conf's comments). 

One category of less-intuitive ACL types is par¬ 
ticularly powerful and useful: the ones that enable 
Squid to authenticate client users via external 
authentication authorities. Before we tackle 
authentication, however, we should give a little 
more attention to ACL operators, the tags that 
perform some action (most commonly, to allow 
or deny a request) based on a matched ACL. 

By far, the most important ACL operator is 
http_access, which specifies whether Squid should 
allow the transaction matching the specified ACL to 
proceed. Going back to the example ACIVoperator 
pair from the beginning of this section, after we 
defined the ACL mick_network as all transactions 
involving client/source IP addresses within 
10.0.2.0/24, we operated on it with this line: 

http_access allow mick_network 

This is simple enough to understand: "allow HTTP 
requests matching the ACL named mick_network." 


36 I july 2009 www.linuxjournal.com 







Table 1. Complete List of ACL Types Supported in Squid 2.6 


ACL Type 

Description I 

src 

Client (transaction source) IP address or network address. 

dst 

Server (transaction destination) IP address or network address. 

myip 

Local IP address on which Squid is listening for connections. 

arp 

Client's Ethernet (MAC) address (matches local LAN clients only). 

srcdomain 

Client's domain name as determined by reverse DNS lookup. 

dstdomain 

Domain portion of URL requested by client. 

srcdom_regex 

Regular expression matching client's domain name. 

dstdom_regex 

Regular expression matching domain in requested URL. 

time 

Period of time in which transaction falls. 

urLregex 

Regular expression matching entire requested URL (not just domain). 

urlpath_regex 

Regular expression matching path portion of requested URL. 

urilogin 

Regular expression matching requested URL's "login" field. 

port 

Requested site's (destination) TCP port. 

myport 

Local TCP port on which Squid is listening for connections. 

proto 

Application-layer protocol of request (HTTP, HTTPS, FTP, WHOIS or GOPHER). 

method 

Request's HTTP method (GET, POST or CONNECT). 

browser 

Matches the client's browser, per HTTP "User-Agent" header. 

referer_regex 

Regular expression matching the unreliable HTTP "Referer" header (that is, the supposed URL of some page on which the user 
clicked a link to the requested site). 

ident 

Matches specified user name(s) of user(s) running client browser, per an "ident" lookup. Note that ident replies, which often can be 
spoofed, should not be used in lieu of proper authentication. 

ident_regex 

Regular expression defining which client user names to match per ident lookup. 

src_as 

Matches client IP addresses associated with the specified Autonomous System (AS) number, usually an ISP or other large IP registrant. 

dst_as 

Matches destination-server IP addresses associated with the specified AS number. 

proxy_auth 

Matches the specified user name, list of user names or the wild card REQUIRED (which signifies any valid user name). 

proxy_auth_regex 

Regular expression defining which user names to match. 

snmp_community 

For SNMP-enabled Squid proxies, matches client-provided SNMP community string. 

maxconn 

Matches when client's IP address has established more than the specified number of HTTP connections. 

max_userjp 

Matches the number of IP addresses from which a single user attempts to log in. 

req_mime_type 

Matches a regular expression describing the MIME type of the client's request (nof the server's response). 

req_header 

Matches a regular expression applied to all known request headers (browser, referer and mime-type) in the client's request. 

rep_mime_type 

Matches a regular expression describing the MIME type of the server's response. 

rep_header 

Matches a regular expression applied to all known request headers (browser, referer and mime-type) in the server's response. 

external 

Performs an external ACL lookup by querying the specified helper class defined in the externaLacLtype tag. 

urigroup 

Matches a urigroup name, as defined in redirector setups. 

user_cert 

Matches specified attribute (DN, C, 0, CN, L or ST) and values against client's SSL certificate. 

ca_cert 

Matches specified attribute (DN, C, 0, CN, L or ST) and values against client certificate's issuing Certificate Authority certificate. 

ext_user 

Matches specified user name(s) against that returned by an external AClVauthentication helper (configured elsewhere in squid.conf). 

ext_user_regex 

Matches a regular expression describing user names to be matched against that returned by an external AClVauthentication helper. 


www.linuxjournal.conn ju ly 2009 I 37 









































COLUMNS 


PARANOID PENGUIN 


The most common use of ACLs is to specify a 
list of ACLs and http_access statements, ending (as 
we've seen) with a "drop by default" line, like this: 

http_access deny all 

This has the effect of creating a "whitelist"— a 
list of types of transactions that are allowed, with all 
others being denied. 

Squid recognizes a number of additional ACL 
operators besides http_allow, including no_cache, 
ident_lookup_access, always_direct, never_direct and 
snmp_access. Because most of these concern cache 
performance, HTTP redirects and communications 
with other Squid servers rather than security per se. 
I'll leave it to you to explore those (or not) as your 
particular needs dictate. The Squid User's Guide 
referenced in the Resources section is a good source 
of information about Squid's various ACL operators. 

Squid Authentication 

As I mentioned previously, one of Squid's most 
handy capabilities is its ability to authenticate proxy 
users by means of a variety of external helper 
mechanisms. One of the simplest and probably 
most commonly used helper applications is 
ncsa_auth, a simple user name/password scheme 
that uses a flat file consisting of rows of user 
name/password hash pairs. The HOWTO by Vivek 
Gite and, to a lesser extent, the Squid User's Guide, 
explain how to set this up (see Resources). 

Briefly, you'll add something like this to 
/etc/squid/squid.conf: 

auth_paratn basic program /u5r/lib/squid/nc5a_auth /etc/squid/squidpasswd 
auth_param basic children 5 

auth_param basic realm Squid proxy-caching web server at Wiremonkeys.org 
auth_param basic credentialsttl 2 hours 
auth_param basic casesensitive off 

And, in the ACL section: 

acl ncsa_auth_users proxy_auth REQUIRED 
http_access allow ncsa_auth_users 

The block of auth_param tags specifies settings 
fora "basic" authentication mechanism: 

■ program is the helper executable ncsa_auth, 
using the file /etc/squid/squidpassd as the user 
name/password hash list (created previously). 

■ chi Idren, the number of concurrent authentica¬ 
tion processes, is five. 

■ realm, part of the string that greets users, is "Squid 
proxy-caching Web server at Wiremonkeys.org". 


■ credentialsttl, the time after authentication 
that a successfully authenticated client may go 
before being re-authenticated, is two hours. 

■ casesensitive, which determines whether user 
names are case-sensitive, is off. 

In the ACL section, we defined an ACL called 
ncsa_auth_users that says the proxy_auth mechanism 
(as defined in the auth_param section) should be 
used to authenticate specified users. Actually in this 
case, instead of a list of user names to authenticate, 
we've got the wild card REQUIRED, which expands 
to "all valid users". The net effect of this ACL and 
its subsequent http_access statement is that only 
successfully authenticated users may use the proxy. 

The main advantages of the NCSA mechanism are 
its simplicity and its reasonable amount of security (only 
password hashes are transmitted, not passwords prop¬ 
er). Its disadvantage is scalability, because it requires 
you to maintain a dedicated user name/password list. 
Besides the administrative overhead in this, it adds 
yet another user name/password pair your users are 
expected to remember and protect, which is always 
an exercise with diminishing returns (the greater the 
number of credentials users have, the less likely they'll 
avoid risky behaviors like writing them down, choosing 
easy-to-guess passwords and so forth). 

Therefore, you're much better off using existing 
user credentials on an external LDAP server (via 
the ldap_auth helper) on an NT Domain or Active 
Directory server (via the msnt_auth helper) or the 
local Pluggable Authentication Modules (PAM) facility 
(via the pam_auth helper). See Resources for tutorials 
on how to set up Squid with these three helpers. 

Note that Squid's helper programs are located 
conventionally under/usr/lib/squid. Checking this 
directory is a quick way to see which helpers are 
installed on your system, although some Linux 
distributions may use a different location. 

Other Squid Defenses 

Access Control Lists really are Squid's first line of 
defense—that is. Squid's primary mechanism for 
protecting your network, your users and the Squid 
server itself. There are a couple other things worth 
mentioning, however. 

First, there's the matter of system privileges. 
Squid must run as root, at least while starting up, so 
that, among other things, it can bind to privileged 
TCP ports such as 80 or 443 (although by default 
it uses the nonprivileged port 3128). Like other 
mainstream server applications, however. Squid's 
child processes—the ones with which the outside 
world actually interacts—are run with lower privileges. 
This helps minimize the damage a compromised or 
hijacked Squid process can do. 


38 I july 2009 www.linuxjournal.com 





By default, Squid uses the user proxy and group 
proxy for nonprivileged operations. If you want to 
change these values for effective UID and GID, they're 
controlled by squid.conf's cache_effective_user and 
cache_effective_group tags, respectively. 

Squid usually keeps its parent process running 
as root, in case it needs to perform some privileged 
action after startup. Also, by default. Squid does 
not run in a chroot jail. To make Squid run chrooted, 
which also will cause it to kill the privileged parent 
process after startup (that is, also will cause it to run 
completely unprivileged after startup), you can set 
squid.conf's chroot tag to the path of a previously 
created Squid chroot jail. 

If you're new to this concept, chrooting 
something (changing its root) confines it to a 
subset of your filesystem, with the effect that 
if the service is somehow hacked (for example, 
via some sort of buffer overflow), the attacker's 
processes and activities will be confined to an 
unprivileged "padded cell" environment. It's a 
useful hedge against losing the patch rat race. 

Chrooting and running with nonroot privileges 
go hand in hand. If a process runs as root, it can 
trivially break out of the chroot jail. Conversely, if 
a nonprivileged process nonetheless has access 
to other (even nonprivileged) parts of your 
filesystem, it still may be abused in unintended 
and unwanted ways. 

Somewhat to my surprise, there doesn't seem 
to be any how-to for creating a Squid chroot jail 
on the Internet. The world could really use one— 
maybe I'll tackle this myself at some point. In the 
meantime, see Resources for some mailing-list 
posts that may help. Suffice it to say for now 
that as with any other chroot jail. Squid's must 
contain not only its own working directories, but 
also copies of system files like /etc/nsswitch.conf 
and shared libraries it uses. 

Common Squid practice is to forego the chroot 
experience and to settle for running Squid partially 
unprivileged per its default settings. If, however, you 
want to run a truly hardened Squid server, it's prob¬ 
ably worth the effort to figure out how to build and 
use a Squid chroot jail. 

Conclusion 

Setting ACLs, running Squid with nonroot privileges 
most or all of the time and running Squid in a 
chroot jail constitute the bulk of Squid's built-in 
security features. But, these are not the only things 
you can do to use Squid to enhance your network 
and end-user systems' security. 

Next time. I'll show you how to use add-on tools 
such as SquidGuard to increase Squid's intelligence in 
how it evaluates clients' requests and servers' replies. 
I'll also address (if not next time then in a subsequent 


column) some of the finer points of proxying 
TLS/SSL-encrypted sessions. Until then, be safe!* 


Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for 
one of the US’s largest hanks. He is the author of the O’Reilly hook Linux Server 
Security, 2nd edition (formerly called Building Secure Servers With Linu}if, an 
occasional presenter at information security conferences and composer of the 
“Network Engineering Polka”. 


Resources 


Wessels, Duane: Squid: The Definitive Guide. Sebastopol, CA: O'Reilly 
Media, 2004. Includes some tips on creating and using a Squid chroot jail. 

The Squid home page, where you can obtain the latest source code and 
binaries for Squid: www.squid-cache.org. 

The Ubuntu Server Guide's Squid chapter: https://help.ubuntu.com/ 
8.10/serverguide/C/squid.html. 

The Squid User's Guide: www.deckle.co.za/squid-users-guide/ 
Main_Page. 

ViSolve's Squid 2.6 Configuration Manual and Comprehensive 
squid.conf Reference: www.visolve.com/squid/squid26/ 
contents.php. 

"The Homeless Hacker v. The New York Times”, Jennifer Kahn's article 
in Wired about Adrian Lamos: www.wired.com/wired/archive/ 
12.04/hacker_pr.html. 

Chris Wichura's slideshow "The Squid Caching Proxy": 

www.uniforum.chi.il.us/slides/squid/UniForum-Squid.ppt. 

Vivek Gite's tutorial "Howto: Squid proxy authentication using 
ncsa_auth helper": www.cyberciti.biz/tips/ 
linux-unix-squid-proxy-server-authentication.html. 

Vivek Gite's Tutorial "Configure squid for LDAP authentication using 
squid_ldap_auth helper": www.cyberciti.biz/tips/ 
howto-configure-squid-ldap-authentication.html. 

David Bolton's "Howto: Squid + msnt_auth + Active Directory": 

www.davidbolton.com/?p=32. 

Paul Matthews' HOWTO "Squid with PAM Authentication and Squish 
Download Manager": www.opensourcehowto.org/how-to/squid/ 
squid-with-pam-authentication-squish-download-manager.html. 

Thread from the squid-users mailing list, on what should go into a Squid 
chroot jail: www.squid-cache.org/mail-archive/squid-users/200609/ 
0782.html. 

Thread from the squid-users mailing list, about some of the finer points of 
running Squid in a chroot jail: www.squid-cache.org/mail-archive/ 
squid-users/200811/0411 .html. 


www.linuxjournal.com ju ly 2009 I 39 





COLUMNS 


HACK AND / 


Right Command, 

Wrong Server 

KYLE RANKIN It’s BBsy to losB tcacR of what your servers do when they number in the 

tens or hundreds. Here are a few simple techniques I’ve found that 
make it easier to manage them all. 



When I first started out in systems administration, 

I had only a few machines to keep track of. It was 
relatively easy to remember which servers did which 
functions (mostly because one or two machines did 
just about everything). If a server had a problem, I 
immediately knew everything it would impact. 

For better or worse, nowadays my position has 
become more complicated. When you personally 
manage tens or hundreds of machines, it can be 
difficult to keep everything straight. When a server 
goes down, you might no longer know what 
services are impacted or who else to notify. Beyond 
that, there's also the dreaded running-the-right- 
command-on-the-wrong-server mistake. I think 
every sysadmin has typed halt, rm -rf or some 
other destructive command in the wrong terminal 
at least once (just ask my old boss Bill). 

Although I can't guarantee you’ll never 
type a command on the wrong server I 
can say that as your environment grows to 
hundreds of servers, these techniques will 
help you pick up where your brain left off. 

In this column, I discuss some methods I've 
found to help you keep track of your servers. Although 
I can't guarantee you'll never type a command on 
the wrong server, I can say that as your environment 
grows to hundreds of servers, these techniques will 
help you pick up where your brain left off. 

Message of the Day 

The message of the day (motd) is the message that 
greets you every time you log in to your system on 
the command line. For instance, here is the message 
of the day on one of my old Debian servers: 


Linux napoleon 2.6.20-l-k7 #1 SMP Tue Apr 24 22:37:29 UTC 2007 1686 


The programs included with the Debian GNU/Linux system are free 
software; the exact distribution terms for each program are 


described in the individual files in /usr/share/doc/*/copyright. 


Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 
permitted by applicable law. 

No mail. 


Messages like this are pretty generic, so it's easy 
to take them for granted and leave them alone. 
After all, in this example, I already know the OS, 
hostname and kernel version (Linux, napoleon, 
2.6.20-1-k7). You can extend this information, 
however, and list anything you want. 

The message of the day is managed in a file 
called /etc/motd. It's a simple text file, so you can 
modify it to say anything you want, although you'll 
want to limit it to what can fit on a standard console 
screen. Note that on modern Debian-based systems, 
the /etc/motd file is somewhat dynamic, so you will 
want to modify/etc/motd.tail instead. 

So, how can you use this file to your advantage? 
A lot of security-minded administrators add a 
special terms of use in this file to note that 
their systems are private and do not allow 
unauthorized access. In that case, the motd acts 
like a No Trespassing sign, so if someone hacks 
in to the system, law enforcement has help 
demonstrating that the attacker was notified 
that it was a private system. 

Although you may or may not want to add 
a No Trespassing sign to your motd, there are a 
number of other things you can add to the 
motd to make your life as an admin simpler. For 
instance, you could add a short set of documenta¬ 
tion about the server, including what the server 
does, other groups to contact if there is a problem 
on the machine and even any special locations 
where custom files are stored. That way, when 
you log in, instead of a boring default motd, you 
could get something more like: 


Linux napoleon 2.6.20-l-k7 #1 SMP Tue Apr 24 22:37:29 UTC 2007 1686 


Welcome to Napoleon. 

Local services: DNS, DHCP, Internal Wiki (http://wiki.example.net) 


40 I july 2009 www.linuxjournal.com 






DNS config: /etc/bind, /var/naned. 

DHCP config: /etc/dhcpd.conf 
Wiki files: /var/www/wiki 

Support team: root@exanple.net, wikiadmin@example.net 

You even might want to use the motd to pass 
along useful tips to regular users on the system. 
For instance, let's say your users use vim to view 
log files. On some systems, vim stores a complete 
copy of any files you open in /tmp. Although 
that's fine for a small text file, when you have 
users opening 1GB+ Apache logs, your /tmp 
space fills up quickly, and you are paged again 
and again. One solution might be to add a gentle 
reminder in your motd to use less, not vim, to 
read large text files. 

Tweaked Shell Prompts 

Another great way to help remind you which 
servers you are on is to tweak your shell prompt. If 
you are a good security-minded admin and become 
root only when necessary, a quick tip is to make the 


root prompt a different color (like red), so it stands 
out and reminds you that everything you do is 
with root privileges. 

There are many different tastes when it comes 
to a custom shell prompt, so you might want to 
tweak this to suit your preferences. Also, I'm 
assuming you will be using the bash shell that 
most systems tend to default to these days, so 
the file you should edit is /root/.bashrc. What 
shows up in your prompt is defined by the PS1 
environment variable, so if you are curious what 
it is set to by default, simply type: 

root@napoleon:~# echo $PS1 
\u@\h:\w\$ 

In this example, you have a very basic prompt 
that lists the current user (\u), the @ symbol, the 
hostname (\h), a colon, the current working directory 
(\w) and a # symbol (if I'm root), or a $ otherwise 
(\$). On my sample system, it would look like 
root@napoleon :~# when I log in as root. 

There are plenty of other ways you can tweak 



{powerful; Rhino —■ 

Rhino M6400/E6500 

• Dell Precision IV16400/ 

Latitude E6500 

• 2.2-3.0 GHz Core 2 Duo 
or 2.5 GHz Core 2 Quad 

•Up to 17" WUXGA LCD 
w/ X@1920xl200 

• NVidia Quadro FX 3700IV1 

• 80-500 GB hard drive 
•Up to 16 GB RAM 

• DVD±RW or Blu-ray 

• 802.11a/g/n 
•Starts at $1330 

• High performance NVidia 3-D on a WUXGA widescreen 

• High performance Core 2 Quad, 16 GB RAM 

• Ultimate configurability — choose your laptop's features 

• One year Linux tech support — phone and email 

• Three year manufacturer's on-site warranty 

• Choice of pre-installed Linux distribution: 

O -3 $ © (p ^ 


f \ 

— Tablet: Raven — 

Raven X200 Tablet 

• ThinkPad X200 tablet by Lenovo 

• 12.1" WXGAw/ X@1280x800 

• 1.2-1.86 GHz Core 2 Duo 

• Up to 8 GB RAM 

• 80-320 GB hard drive / 128 GB SSD 

• Pen/stylus input to screen 

• Dynamic screen rotation 

• Starts at $2200 




-[Rugged; Tarantula 


Tarantula CF-30 

• Panasonic Toughbook CF-30 

• Fully rugged MIL-SPEC-810F tested: 
drops, dust, moisture & more 

• 13.3" XGA Touchscreen 

• 1.6 GHz Core 2 Duo 
•Up to 8 GB RAM 

• 80-320 GB hard drive 

• Call for quote 


EmperorLinux 

...where Linux & laptops converge 


www.EmperorLinux.com 

1 - 888 - 651-6686 


01 




Model specifications and availability may vary. 




























COLUMNS 


HACK AND / 


the prompt, and if you are curious, the full list of 
aliases you can use for it is found in the bash man 
page—^just search for PS1. 

Because I'm focused on colorizing the prompt 
and not necessarily changing the format, I mostly 
will leave the prompt as is. There are a few ways to 
colorize the prompt, but the simplest way I've found 
is to define some of the potential colors you'd like 
to use in environment variables ahead of time, and 
then you can assign them to the PS1 variable without 
going cross-eyed from all the escape characters. 
Open up/root/.bashrc, and if PS1 already is defined, 
add these lines above it: 


record essentially allows you to assign text to a 
particular hostname. If you have an internal DNS 
infrastructure for your machines, you probably 
already have A records for all your servers. If you 
add a TXT record as well, that gives you a nice 
centralized place to document what each server 
does in a way that can be queried from any 
machine on the network. 

To demonstrate how to use TXT records, let's 
assume I'm using a standard BIND server for DNS, 
and this is a short section of the file that defines 
A records for three hosts—napoleon, snowball 
and major: 


NORMAL='tput sgr0 2> /dev/null' 
B0LD='tput bold 2> /dev/null' 
RED=''\[\033 [31m\]" 
GREEN="\[\033[32m\]" 
BLUE="\[\033[34m\]" 
GREY="\[\033[l;30m\]" 
PURPLE="\[\033 [0;35rTi\] " 


napoleon 

IN 

A 

192.168.1.6 

snowball 

IN 

A 

192.168.1.7 

major 

IN 

A 

192.168.1.8 


All I would do is add a new TXT record below 
any A records I have that lists what those servers do: 


Now that all the colors are defined, I simply can 
define PS1 with the default settings, only with these 
color settings around it: 

PSl = "$RED\u@\h:\w\$$NORMAL" 


napoleon 

IN 

A 

192.168.1.6 

napoleon 

IN 

TXT 

"DNS, DHCP, Internal wiki" 

snowball 

IN 

A 

192.168.1.7 

snowball 

IN 

TXT 

"Primary Internal File Server" 

major 

IN 

A 

192.168.1.8 

major 

IN 

TXT 

"Failover Internal File Server 


Once you save the changes to .bashrc, the 
next time you log in, you will notice your prompt 
is colorized. Now you can spend the rest of the 
afternoon tweaking the prompt with different 
sets of colors and symbols like I did the first time 
I found out about it. It even might be worthwhile 
to use a different prompt color scheme for different 
types of servers. 

DNS TXT Records 

One of the problems with the previous two methods 
is that you must log in to a machine to get infor¬ 
mation on it. That leads me to one of my favorite 

If you add a TXT record as well, that gives 
you a nice centralized place to docunnent 
what each server does in a way that can be 
queried from any machine on the network. 

ways to organize my servers, DNS TXT records. 
Most people probably are familiar with a DNS A 
record (it maps a hostname to an IP address) and 
probably CNAME and PTR records (it maps one 
hostname to another hostname and an IP address 
to a hostname, respectively), but many admins 
aren't aware of (or don't use) TXT records. A TXT 


Once I save my changes and reload BIND, the 
TXT records are ready to go. The next time I'm 
scratching my head trying to figure out what 
snowball does, I just have to issue a dig query: 

$ dig snowball.example.net TXT +short 
"Primary Internal File Server" 

Note that I used the -Fshort option with dig. 
That way, I get back only the contents of the 
TXT record instead of the volume of data dig 
normally gives me. Not only does this make it 
easy to narrow in on the information I want, it 
also makes it a handy little one-liner to add to 
other programs. I even could see some savvy 
administrators tweaking their shell prompt or 
motd so that it contained this value. 

Again, the beauty of using TXT records to 
document this is that it puts the information in 
a central place that you control and that you 
typically have to modify whenever you add a 
host anyway. Just be careful if you use this for 
externally facing DNS hosts—you might not 
necessarily want to broadcast all of your server 
info to everyone on the Internet. ■ 


Kyle Rankin is a Senior Systems Administrator in the San Francisco Bay Area and 
the author of a number of books, including Knoppix Hacks snA Ubuntu Hacks kr 
O’Reilly Media. He is currently the president of the North Bay Linux Users’ Group. 


42 I july 2009 www.linuxjournal.com 






Academy | Conference 

September 20 - 25, Miami | Florida 

Intriguing. Provoc|jti^ii^iforinative 


I! > 


*ly 

a z* 


V* I'V 

I II 


Get certified and obtain new technical skills. 
Understand the state of information security. 

Stay updated on latest threats and countermeasures. 
Network with infosec professionals from around the world. 

Be part of the world's largest reunion of Certified Ethical Hackers. 


Bonus! 


Attend the conference, and participate in one of the following full-fledged training workshop 

(Sep 25) led by EC-Council Master Instructors. 

1. Ethical Hacking | 2. Incident Response | 3. Virtualization Security 

Hackers Are Ready. Are you? 


Register Early 


www.hackerhalted.com 












NEW PRODUCTS 


Blackmagic Design's Broadcast and 
Post-Production Products 

The company Blackmagic Design recently announced a wholesale move to the Linux platform 
of its formerly Windows- and Mac OS-only products. Linux support was added to the new 
Media Express 2.0, a video capture and playback software application compatible with all 
Blackmagic Design DeckLink, Multibridge and Intensity products. This new version is a 
major update that adds support for direct capture and playback of DPX, AVI and QuickTime 
files, as well as list-based batch capture and playback, plus a major Ul overhaul. Also adding Linux support are the DeckLinux (video 
cards). Intensity (HDMI/analog editing component) and Multibridge (external capture and playback solution) products. A free, cross¬ 
platform SDK is included. Finally, the DeckLink Optical Fiber, which Blackmagic calls "the world's first 10-bit SD/HD broadcast capture 
card with both optical fiber SDI and regular SDI", now has a Linux driver and SDK. The card is designed for high-end broadcast and 
post-production customers who work in large facilities needing lots of creative workstation seats and seek to use both types of cabling. 
www.blackmdgic-design.com 



PureCM 


Software development companies should take note of the new PureCM 2009-1, 
a Software Configuration Management (SCM) solution that controls, tracks and 
visualizes changes to digital assets. PureCM facilitates software development in 
team environments, accommodating best practices, such as task-based version 
control, parallel development and build automation. One key new feature 
involves greater advance insight into and control of changes that need merging. 
Merge conflicts also can be resolved pre-integration using a visual resolve tool. A 
second key feature is a new and simplified cross-platform GUI, allowing developers 
to see on which files their colleagues are currently working within their private 
workspace. They also can preview their completed changes before integrating them automatically into the workspace. 
PureCM is cross-platform for Linux, Mac OS and Windows, and it offers native integration with Eclipse and Visual Studio. 



www.purecm.com 


ASUS VH Series LCD Monitors 


Greening your computing experience keeps getting easier, thanks to the efforts of companies like ASUS, 
whose new VH Series LCD monitors garnered a Gold rating under the EPEAT environmental standard. 

The VH series offers five models with screen sizes ranging from 20"-24". Each model has been certified 
by the EPEAT organization, which evaluates PCs based on their environmental attributes. EPEAT's 
standards demand exceptional performance in areas such as reduction or elimination of hazardous 
materials, design for end of life, product longevity, resource conservation, end-of-life management, 

corporate performance and packaging. Gold is EPEAT's highest rating. ASUS says that with the VH monitor series, it perfected new manu 
factoring techniques to reduce mercury and utilize post-consumer recycled plastic without affecting product performance and reliability. 



ASUSVH 


www.asus.com 


I-ANDtheTECIIJOR 

YOU LOVE 



Ani>t Lester 


Andy Lester's Land the Tech Job You Love 
(Pragmatic Bookshelf) 

If you're laid off or stuck in a dead-end career, Andy Lester's new book Land the Tech Job You Love 
from Pragmatic Bookshelf may land you a gig that springs you out of bed each morning. The book will 
help techies learn the job-search techniques that work for finding an fulfilling career. Lester claims that 
we techies have a tougher time finding and winning the right job, because companies are ever-more 
demanding and our competition is smart, tech-savvy and resourceful. The reader will learn skills such 
as how to uncover hidden jobs that never get publicized, perform effective social networking, craft an 
effective resume, understand the mindset of hiring managers and perform well in interviews. The book 
is further peppered with real-life stories about what works and hilarious tales of what doesn't. 
www.pragprog.com 


44 I july 2009 www.linuxjournal.com 




























1 


NEW PRODUCTS 


Aaron Erickson's The Nomadic Developer: 
Surviving and Thriving in the World of 
Technology Consulting (Addison-Wesley) 

If your dream job means saying adios to your boss and running your own show, pick up Aaron Erickson's new 
book The Nomadic Developer: Surviving and Thriving in the World of Technology Consulting, published by 
Addison-Wesley. Making a living as a technology consultant has its pros and cons, and author Erickson first helps 
readers assess whether it's their ideal career path. Should readers decide to choose to become (or continue as) 
consultants, Erickson presents a guide to success in the field. He explains issues such as how to break into the 
business and build a career path, understand the mechanics of consultancies and avoid the traps of unscrupulous 
ones, master secret consulting success tips, add more value than competitors, enhance professional development 
and build a personal brand. Erickson and other battle-worn consultants also offer the lessons they learned from years in the trenches. 
www.informit.com 


OpenOffice.org 

The Linux community's favorite office suite, OpenOffice.org, continues its forward progress with the 
latest 3.1 release. New overall features include improved screen appearance due to anti-aliasing, easier 
dragging and placement of graphics and improved file locking. New features in Writer include 
overlining (and not just underlining) and better comment functionality. New to Calc are a zoom slider, 
formula hints and improved sorting. New to Base are SQL syntax highlighting and the ability to a complete database application by 
including macros and scripts within a Base document. OpenOffice.org's supported platforms are Linux, Solaris, Mac OS and Windows. 
www.openoffice.org 

Virident's GreenCloud Server Family 

Virident recently released a new class of servers, which the firm says "is the first 
to be designed with the Internet in mind". The GreenCloud Server Eamily is 
optimized to deliver high-performance, as well as energy- and cost-efficient 
computing for data-centric, query-rich applications that predominate in the 
Internet data center. The first two members of the product line are GreenCloud 
Server for MySQL and for Memcached. Each server is based on the 
GreenCloud Architecture, which, says Virident, transforms an industry-standard 
server into a data-centric "in-memory server platform". The architecture allows applications to "directly interact with large volumes of data hosted 
in memory tightly integrated into the CPU complex, which ensures optimal utilization of all server elements—compute, memory and I/O". The 
resulting "Storage Class Memory", a new memory tier that bridges the performance and persistence gap between main memory and mass 
storage in traditional server architectures, works in tandem with a co-optimized software stack within an industry-standard x86 server platform. 
The result, says Virident, is "orders of magnitude higher performance and previously unattainable capabilities to data-centric applications". 
www.virident.com 

JetBrains' TeamCity 

And the award for most visually stimulating company name goes to JetBrains, who recently released 
version 4.5 of TeamCity, a distributed build management and continuous integration tool. JetBrains 
says that with TeamCity, one can set up a build server within minutes and enjoy out-of-the-box contin¬ 
uous unit testing, code-quality analysis and early reporting on build problems—all without leaving the 
IDE. Eurthermore, TeamCity is "the place to find all kinds of information about your projects—^from 
their current status and health, to the detailed change history with metrics and statistical trends". The 
company also cites TeamCity's gentle learning curve that allows users to improve release management 
practices quickly by gradually adopting its advanced features and capabilities. New in version 4.5 are improved integration with Visual Studio and 
Eclipse with added support for VCS systems, and enterprise-level features, such as user groups and LDAP support, and multiple Ul improvements. 
www.jetbrains.com 





Aaron Erick'^''^' 


The 

Nomadic 

Developer 



World ol Technology Contulling 


r ^ 

Please send information about releases of Linux-related products to newproducts(®linuxjournal.com or New Products 
c/o Linux Journal, PO Box 980985, Houston, TX 77098. Submissions are edited for length and content. 

L_ J 


www.linuxjournal.com ju ly 2009 I 45 























NEW PROJECTS 


r 


Fresh from the Labs 


Gnaural—Binaural Brain Wave 
Entrainment 

gnaural.sourceforge.net 

This has been one crazy month. Why? 
Because I've discovered the weird- 
science world of Binaural Beats. For 
the uninitiated (which I'm guessing you 
are), binaural beats are basically just 
two sound streams running against 
each other, but usually for a very specific 
purpose: brain wave entrainment. 

The way it works is you'll have an 
audible base frequency, say 200Hz. 

Then you have a beat frequency, which 
usually will be below what your ear can 
hear, say 8Hz. You then run the carrier 
frequency down both sides of the 
stereo spectrum (and this is best on 
headphones), but with a slight differ¬ 
ence on one channel from the other (in 
this example, 200Hz down the left, and 
208Hz down the right). When you hear 
these played, your brain concentrates 
on the 8Hz difference, or whatever beat 
frequency you're running. 

Why would you do this, you ask? 





(2/21 

• . T J ... 

.. i i 1 1 .. i 1 .. i * ,, 

... 

©£0f«rd 

mi Srit«m Swcc*M td«wic« 0 ] 

Gnaural can help slow down or speed up 
your brain waves—here it’s being used for 
inducing a meditative state. 







(n.M) (vii 

^ 8mnimHMHaniigiiDMmitwKimj4i 

• SMirtw) vokm SatwM 


@eM* 0^r««< ©ti^wd 

Here’s Gnaural being used to maintain alert¬ 
ness—very handy for studying. 


Because these binaural frequencies 
can have strange and unique effects 
on your body and state of conscious¬ 
ness. This really is weird stuff, and 
the program we're looking at using is 
Gnaural, made by my good friend 
from Yale Psychology, Bret Logan. 
According to its Web site: 

Gnaural is a multiplatform pro¬ 
grammable binaural-beat gener¬ 
ator, implementing the principle 
of binaural beats as described 
in the October 1973 Scientific 
American article "Auditory Beats 
in the Brain" (Gerald Oster)....ln 
over a decade of experience 
with the technique, I have found 
it mainly useful in areas of sleep 
induction and "power napping", 
and also as a way to bring medi¬ 
tation both within reach (when 
stress has put it out of reach) 
and to extend its boundaries 
over time. 

Installation Provided on the Web 
site are packages specifically for Debian; 
however, there are packages natively 
available for Ubuntu, Fedora, SUSE, 
Gentoo and Arch Linux. There are 
two versions available: Gnaural and 
Gnaural 2. I'm not sure what the differ¬ 
ence is (maybe it's that they use GTK 1 
and 2—they look the same to me), but 
Gnaural 2 is obviously the latter, so I've 
stuck with that. When I went to install 
the binaries, there were no dependency 
issues, so they installed right away. 

If you're working with source, you'll 
need the -dev packages for Iibglade2, 
libportaudio and libsndfile. If you 
download the tarball, extract it, and 
enter the folder with the command 
line, apparently the installation is the 
usual case of: 

$ configure 
$ make 

$ sudo make Install 

However, I had problems with con¬ 
flicting Portaudio versions and couldn't 
get past the ./configure script, so better 
luck to you if you're compiling the 
source (I just stuck with the binary). 


Once Gnaural is installed, you can start 
it at the command line with: 

$ gnaural2 

Usage Before you do anything, 
plug in some decent headphones. 

When Gnaural loads, you'll see a bunch 
of controls and a field with a strange 
graph. This is Gnaural's default pattern, 
a playlist of binaural frequencies. 

This default pattern is designed to be 
"Meditative, spiking occasionally to 
wakefulness", and it has a default play 
time of 73.5 minutes, which safely will 
fit on any audio CD. If you're patient, 
press Play and go for it. Otherwise, you 
might want to scale back the runtime 
to something you can easily hack, say 
ten minutes or so (check the Scale box 
under Selected Datapoints X, and drag 
the slider left to do this). 

Now, I must state from the outset, 
this is nothing to do with New Age 
stuff. Gnaural is purely scientific in its 
methods, and it uses only two sound 
waves running against each other. 

When it refers to meditation, although 
someone who meditates in the tradi¬ 
tional sense would find use here, in this 
case, it's purely to do with slowing 
down the brain and relaxing—shutting 
off parts that needn't be running for 
the moment. This default pattern will 
take you through various stages of 
consciousness by entraining your brain 
to certain frequencies. 

In the background, "pink noise" will 
be playing, which is a sort of soft static 
that helps drown out noise from the 
outside world. This can be muted if you 
like, which generally will make the 
effect of the binaural sounds stronger 
and more apparent. I haven't really got 
the space to go into much further detail 
here, but explore, and you'll find that 
you can make your own frequencies 
and design your own patterns, among 
many other features. 

In terms of bodily effects, generally 
it will make you feel more relaxed and 
probably sleepy—that's the desired 
effect of the default pattern. However, 
on experiments with myself and my 
friends, I found I had strange REM-like 
eye movements and rapid blinking. One 


46 I july 2009 www.linuxjournal.com 












1 


NEW PROJECTS 


friend had momentary changes in 
vision. Another seemed to lose track of 
time. One got really sleepy. Our guitarist 
felt amazingly relaxed, and his brother 
said it felt like his ears were shrinking. 
And, one of my mates said it felt like his 
tongue was slowly disappearing! 

The uses of binaural beats aren't 
limited purely as a tool of relaxation 
though. If you have a bit of a trawl 
around the Web site's discussion boards, 
you can find other presets for things, 
such as staying alert, helping you wake 
up, maintaining concentration while 
studying and helping travel times 
pass quickly. 

These usually sub-audible frequen¬ 
cies have different effects on different 
people—everyone's brain is unique. I'd 
like to say this is harmless, but that 
would be irresponsible. This is still a 
fairly unexplored area of science. If you 
try it, do so at your own risk, and if 
you have negative effects, stop using it 
immediately. On the other hand, you 
also might find it's brilliant, soothing 


and love every minute of it, and some 
people are using binaural beats every 
day for this very reason. Check it out, 
but take care. 

Back In Time—a Backup Tool 
with a Difference 

backintime.le-web.org 

Ever made a mistake, deleted or over¬ 
written something, and wanted to go 
back a day? This might be the tool 
for you. According to the project's 
Freshmeat entry: 

Back In Time is a simple backup 
system for Linux (GNOME and 
KDE4) inspired by the flyback 
project and TimeVault. The back¬ 
up is done by taking snapshots 
of a specified set of directories. 

All you have to do is configure 
where to save the snapshot, 
what directories to back up, and 
when a backup should be done 
(manually, every hour, every day, 
every week or every month). It 


u e X r o c Q 




155?^- 

]a<w-04.n >»M 1] 

♦ 


|>.4,2«/I00 

^ «2ilUt 17 1 

, > mt.M 14 

^ iwsi m 

' «60»*nfo ] 

o» 

<• . - 

Back In Time—Simplistic Backups for 
Specific Folders 

Sattlogs - Back In Tima 

Si«n«cal include fccluda Autoramove Osiians Enpart Opbane 

Wlwie to Mve snapshots 


/lwm«Anhoi/back ups ' tost 

Schedule 

■ 

1 Every 10 minutes 

_ 


Back In Time lets you decide how often you 
want to back up your folders and where, in 
handy folder snapshots. 


Expert included. 

Meet Victoria (on the right). She is the Silicon Mechanics marketing expert responsible for the events and promotions that keep our customers 
informed about exciting new products and technologies. She's pictured here with her twin sister Veronica, an industrial designer, to help us make a 
point about what makes twin servers from Silicon Mechanics so popular. Victoria and Veronica are twins, but they don't look exactly alike and they 
don't do the same job. Twin servers are two servers in a single 1U chassis: they can be configured differently, and they handle their own individual 
workloads. 

With the introduction of the Rackform iServ R4410 from Silicon Mechanics, twin power has reached a whole new level: the twin^. A twin^ is a 2U 
4-node system. It supports four swappable, full-featured nodes in a 2U chassis with redundant power. In each node you'll find 2 of the new Intel® 



Powerful. 

Intelligent. 


Xeon® 5500 Series processors, 12 DDRS DIMM slots, 3 hot-swap drives, and an integrated dual-port GigE adapter. Integrated InfiniBand is also 



;n—lean 


visit us at www.siliconmechanics.com 1 
or call us toll free at 866-352-1173 


Silicon Mechanics and the Silicon Mechanics 
logo are registered trademarks of Silicon 
Mechanics, Inc. Intel, the Intel logo, Xeon, 
and Xeon Inside, are trademarks or registered 
trademarks of Intel Corporation in the US and 
other countries. 


For more information about the Rackform iServ R4410 
visit www.siliconmechanics.com/R4410 


available with the R4410-IB. Unmatched density and state-of-the-art 
processors make the R4410 a superior choice for high-performance 
computing, and Victoria is spreading the word with enthusiasm. 

When you partner with Silicon Mechanics, you get more 
than the latest and greatest in density, performance, and 
energy efficiency—you get an expert like Victoria. 

























NEW PROJECTS 


Project at a Glance 


LongoMatch: the Digital Coach 

You know how much I love a niche pro¬ 
ject, and here is something genuinely 
cool-looking. According to its Web site: 

LongoMatch is a sports video 
analysis tool for coaches to 
assist them in making game 
video analysis. You can tag the 
most important plays of the 
game and group them by cate¬ 
gories to study each detail of 
the game strategy. A list with 


all the tagged plays lets you 
review them with a simple 
click, even in slow motion. The 
timeline gives a quick overview 
of the game and lets you 
adjust the lead and lag time of 
each play frame by frame. 
LongoMatch has support for 
playlists, an easy way to create 
presentations with plays from 
different games. Besides, you 
can create new videos with 
your favorite plays using the 
video editing feature. 


acts as a user-mode backup sys¬ 
tem. This means you can back 
up and restore only folders to 
which you have write access. 

Installation If you check out the 
Web site's download page, it has 
instructions to integrate repositories for 
Ubuntu and Fedora, where you can 
install the packages straight from your 
system's package manager. If you don't 
have either of these distros though (or 
prefer to compile it), the source is avail¬ 
able too. The link where these are found 
is misleadingly marked "You can down¬ 
load older versions here" on the main 
downloads page (you actually can get 
the latest source tarballs from this section 
too, newer than the main binaries). 

If you're going with the binaries, you'll 
have to install the available common 
package first, and then install either the 
GNOME or KDE4 package, depending on 


$ sudo ./install-gnome.sh 

It now will be ready to run under 
GNOME and requires python-glade2, 
python-gnome2 and meld. 

For KDE, enter: 

$ sudo ./1nstall-kde4.sh 

The KDE option requires x11-utils, 
python-kde4 (>= 4.1) and kompare. 
Once the installation is finished, you can 
run the program by entering: 

$ backintime 

Usage Once you're inside. Back In 
Time is a pretty basic affair. On a first¬ 
time run, it starts off with the Settings 
Dialog, where you define where the 
backup snapshots are saved, what 
folders to back up and how often to 
do it (among other features). 


Ever made a mistake, deleted or overwritten 
something, and wanted to go back a day? 


your preference. If you choose to run 
with the source tarball, installation is 
surprisingly easy. Download the tarball, 
extract it, and open a terminal in the 
folder. Enter the command: 

$ sudo ./1nstall-common.sh 

This first step installs the base of the 
program (not the GUI) and requires that 
you have Python and rsync installed. 

If you want to run with GNOME, 
enter: 


Start with where to back up. You'll 
see the General tab first, and the first 
field will let you choose where to save 
the snapshots of what you want 
backed up. Below that is the drop¬ 
down box for how often you want 
snapshots updated, which has the 
choices of disabled (you'll have to do 
it yourself), every five minutes, ten 
minutes, hour, day, week or month. 
I've got mine set to every ten minutes. 
It checks to see whether there are any 
folder differences, and if so, it takes 



LongoMatch 


Flopefully, I can get this working by 
next month; it looks to be a juicy 
little project! 


another snapshot. 

Click on the Include tab, and you 
can define what actual folders you want 
backed up in your snapshots. I've got 
my desktop being backed up in snap¬ 
shots, which are in the form of separate 
folders in my home directory, under 
backups. Every time there's a change, 
a new folder is made, each with a 
different date and time code, allowing 
me to backtrack accurately if I need to 
retrieve something. Other tabs include 
more advanced options, such as exclud¬ 
ing certain files and the like, but I'll let 
you explore that yourself. 

All in all. Back In Time is a very 
simple application that is best used 
on smaller folders that you work with 
a lot. As a musician with my own 
recordings, I have a lot of music files 
being constantly altered, and quite 
often, I make silly mistakes that result 
in files being irretrievable. Back In 
Time is invaluable for such circum¬ 
stances. If you're chasing something 
super-advanced with a lot of wizz- 
bang features that work system-wide, 
this probably isn't it, but for those 
who want something simple for use 
on a small scale, it's ideal. 


John Knight is a 24-year-old, drumming- and climhing- 
ohsessed maniac from the world s most isolated city—Perth, 
Western Australia. He can usually be found either buried in an 
Audacity screen or thrashing a kick-drum beyond recognition. 


Brewing something fresh, innovative 
or mind-bending? Send e-mail to 
newprojects@linuxjournal.com. 


48 I july 2009 www.linuxjournal.com 

























REVIEWS 



HARDWARE 


The Kindle 2 

A review of the sleek, slim, sexy successor 
to the Kindle, daniel Bartholomew 


amazon kincilt* 




amazonkindle 


ThatiV >.M. r,:.- jiu.ilMsiuy. AIlJa^un Kli.^rr J You 

•r« :c»dlng th« Welcome »ectlo» of The Ki’-.f. 

i Guhk. This section provides an orervieu J 
Kindlr 7 jnd -T lew Jwtr f. atu!. ^ ■. > 

yiTD ran -.tari trading ■« t{uicldy as possible 

You rar '.cave This guide at any time by pressing 
The Home button on yuui Kindlr Tn turn m rWr 
next page, pieu onr ot Ihr Next buttons. 

if your Kindlr war n gift, you will need to rerit’rr 
yout drrirr Please !cok at the v-cTtjri, SUittrd 
insiTucrions Tliat came with youi Kir i’f for 
InforrrsTjon 0;. m -gisteimg ycur devkr 



Figure 1. The Kindle 2 is the length and width of a paperback book 
and much thinner. 


the wireless turned on, I can use the Kindle for several days 
before having to charge it. With the wireless turned off, I have 
to charge the Kindle only two or three times a month. This is 
a vast improvement over the original Kindle—when I did not 
have the charger with me, I had to be careful never to turn 
on the wireless except when I wanted to purchase something 
or knew I had a subscription waiting for me to download. 
Turning on the wireless on the original Kindle is a sure way to 
kill your battery life. 

Another improvement is that newspapers and magazines 
are easier to navigate on the Kindle 2. Instead of having to 
use the scroll wheel to select links to jump between different 
articles, I can move the joystick to the left or right anywhere 
on the page to jump between stories. Likewise, a single click 
takes me to the section list. 

Browsing Web sites also is better on the Kindle 2. The 
combination of better graphics and a faster processor makes 
the experience tolerable. It still could be improved, sure, but 
it is a definite step up from the original. Web pages appear 
quicker and are much easier to navigate. 

On the entertainment front, the Find the mines! (aka 
Minesweeper) game (that you can get to by pressing Alt- 
Shift-M) works much better on the Kindle 2. For one thing, 
it's actually playable, which I consider to be a requirement 
for games. The game works so well, I wish there were more 
games. Hangman, Scrabble or some other word game 
would be nice, for example. 

Another improvement is that you now can attach 
notes to individual words, thanks to the five-way joystick 
controller. The original Kindle let you attach notes only to 
individual lines of text. Of course, that being said, there 
aren't many instances where I have wanted multiple discrete 
notes per line, but just in case I do, the feature is there. 
Unfortunately, although the original Kindle can see the 
multiple notes per line that I made on the Kindle 2, it can't 
select or edit them properly. 


Everyone knew Amazon would announce a successor to its 
popular Kindle ebook reader. What people did not know was 
when. Thankfully, the time between when the Kindle 2 was 
announced and when it started shipping was short. Now that 
it has been released, it's time to put Amazon's Linux-powered 
book reader to the test. 

Like the original, the Kindle 2 is built around an e-ink 
display. The dimensions of the display are the same, but every 
other aspect of the device is either new or modified. Instead of 
being shaped like a wedge, the Kindle 2 is a flat slab. Instead 
of a rubberized back, it has brushed aluminum. Instead of 
angled rectangular keys in a split keyboard configuration, 
it has circular keys in a rectangular grid. Instead of a scroll 
wheel, it has a five-way thumbstick. Instead of four shades 
of gray, it has 16. You get the idea. 

Things the Kindle 2 Does Better 

Let's start with my favorite Kindle 2 improvement: battery life. 
Of all the changes, this is the one I appreciate the most. With 



Figure 2. The screen size has stayed the same between the two versions 
of the Kindle. 


50 I july 2009 www.linuxjournal.com 

































1 


REVIEWS 


Things the Kindle 2 Does 
Differently 

The power and USB ports have been 
combined on the Kindle 2. The included 
power adapter is really just a standard 
USB-A to micro USB-B cable with a wall 
adapter. The use of a micro USB end 
instead of the more common mini USB 
that the original Kindle used is a disap¬ 
pointment, because I can't use the same 
cable to connect both Kindles to my 
computer. A lot of manufacturers are 
moving to micro USB, because although 
the width of the plug is the same 
compared to mini USB, it has about half 
the height, which makes it easier to 
incorporate into thinner devices. Two 
years from now. I'll probably have lots 
of micro USB cables, because most 
devices will have moved to it, and it 


won't be a big deal. Right now, the 
cable that came with the Kindle 2 is my 
only micro USB cable, so I need to keep 
an eye on it. At least Amazon did not 
do something stupid and create its own 
custom connector. I also hope more 
manufacturers take Amazon's lead and 
combine both the data and power 
cables. Fewer cables is good, and the 
more devices I can charge with the 
exact same cable, the happier I'll be. 

There is no longer a physical button 


for turning the Kindle's wireless on and 
off. This has both good and bad sides 
to it. For one, if you attempt to do 
something that needs the wireless, the 
Kindle 2 offers to turn the wireless on 
for you. On the other hand, it takes 
more effort to turn the wireless off now 
that it is not a physical switch. It takes 
only a couple clicks from anywhere in 
the Kindle 2 interface, so it's not a big 
deal. And, with the longer battery life, 

I don't need to stress as much about 



Figure 3. The Kindle 2 plug (bottom) is much 
smaller than the plug for the original Kindle. 



Figure 4. There is no physical switch to turn 
the wireless on and off, so the Kindle offers to 
turn it on for you if you try to do something 
that requires it. 



servenbeach.com 


ServerBeach 

Off geens, far geans"’ 


0 ValuePack (always included] 

> 24/7 live customer service 

> 24/7 ticketing system 

> Personal account manager 

> Lots of bandwidth 

> Free OS reloads 


> Free Rapid Rescue 

> Super fast PEER 1 network 

> Rock-solid IT infrastructure 

> 100% uptime guarantee 

> Choose your data center - East 

Coast, West Coast and Central 


> Free Rapid Reboot 


1.800.741.9939 

A PEER 1 COMPANY 


When YouTube first started to experience its 
exponential growth and our hosting needs changed, 
ServerBeach offered us great flexibility. They continually 
redesigned our streanning architecture for optimum 
performance while keeping our hosting costs in check. 


STEVE CHEN Founder | YouTube 


www.linuxjournal.com ju ly 2009 I 51 

























REVIEWS 


leaving the wireless on like I did with 
the original Kindle. 

Things the Kindle 2 Does 
Not Do Better 

Despite all the nifty new features, the 
original Kindle did a few things better 
than the Kindle 2. For one, no cover is 
included. Instead, you are forced to pur¬ 
chase one. I say forced, because with a 
device this expensive and fragile, going 
out without a cover is not a good idea. 
The original Kindle's cover was not 
anything to be proud of, but it was 
included with every Kindle, and it 
worked well enough, most of the time. 
I happily admit that the covers are 
much better this time around. They 
snap securely into the left side of the 
Kindle 2, and I'm not worried about 
the Kindle 2 falling out of the cover 
like I was with the original Kindle. 



Figure 5. The Kindle 2’s covers are nice, 
but they are no longer included. You have 
to purchase them separately. 



Figure 6. The way the Kindle 2 attaches to the 
covers is more secure than it was with the 
original Kindle. 

Another thing the original Kindle 
did better was contrast. The contrast 
between the gray-ish background and 
the text is just not as good as on the 
original Kindle. It's hard to notice unless 
you have them side by side, but if you 


do, it's instantly recognizable. The text 
on my original Kindle is sharper, darker 
and easier to read than the text on my 
Kindle 2. If there was one thing I wish 
they would have kept from the original, 
the screen is it. I would happily go back 
to four shades of gray if it means better 
contrast. I use the Kindle for reading, 
not looking at gray-scale pictures, and 
why Amazon thought that improving 
picture quality was more important than 
text legibility is a mystery to me. 

There also are a few things the origi¬ 
nal Kindle had that the Kindle 2 does 
not. For one, the Kindle 2 does not 
have a removable battery. This seems to 
be a trend among consumer electronics 
manufacturers these days. It's a trend I 
do not like. Maybe it was necessary to 
get the desired thinness and battery life, 
but I still would prefer a removable bat¬ 
tery. If the battery dies on my Kindle 2, I 
likely will have to send it in to Amazon 
to be fixed. On my original Kindle, I can 
replace the battery myself and even 
carry around spares. 

Another thing that got axed this 
time around is the SD card slot. The 
internal memory of the Kindle has been 
beefed up to 2GB, but that's no excuse 
in my opinion. Using SD cards was one 
of the ways I used to organize my 
growing collection of ebooks. On the 
Kindle 2, I can carry them all with me, 
but I have to page through screen after 
screen to get to a particular book. Since 
they have removed removable storage. 


Daniel's 2nd Kindle 

.iii; 


Showing All 20 Items 

By Most Recent First 

The New Oxford American Dictionary 


My Clippings 



Upgrading to Kindle 2 

Amazon.com 

M 

1: total montory: 4726784 
free memory; 1947872 



T1 

2: total memory: 4726784 
free memory: 2007912 


T»an 

t: 



)oks 

w 

msm 


fZ05 

Ender in Exile 

Orson Scott Card 

Kindle 2 User's Guide 

Amazon.com 

The Hacker Crackdown 

Bruce Sterling 


Page 2 of 3 


Figure 7. The meminfo screen shows current 
memory usage. 


Amazon really needs to update the 
Kindle software to allow for some sort 
of organizational hierarchy, manual or 
otherwise—folders, tags, genres, 
whatever. Right now, things can be 
displayed alphabetically (by title or 
author), or by how new they are. That's 
a poor way to organize things if you 
have 100-1- ebooks on your Kindle. 

New Things the Kindle 2 
Can Do 

So, the question you probably are asking 
is "What's new?" The answer is, not a lot. 
There are a pair of major new features. 

The first of these is Text-To-Speech (TTS). 
Personal computers have had TTS of 
varying quality for decades. I remember 
toying around with a rather primitive 
TTS system for Apple lie computers back 
in the early 1980s, and then there was 
the Macintosh that famously introduced 
itself using TTS, so it's not surprising 
that TTS has found its way to handheld 
devices like the Kindle. I have found it 
to be a useful feature. 

The TTS system on the Kindle 2 
is powered by RealSpeak Solo from 
Nuance Communications. The quality 
is good, and great strides have been 
made in the past few years with 
regard to making computer-generated 
male and female voices sound more 
natural. It is not a replacement for an 
audio book, but it does come in handy 
for times when I can't look at the 
Kindle but still want to continue reading. 
While driving is the obvious time when 
it would be bad to read the Kindle. I 
also have used the TTS when cooking 
and exercising. 

The Kindle 2 can read text at three 
speeds. The middle setting works the 
best for me, but if I want to cruise 
through several newspaper articles 
quickly, the fast setting does a good 
job. As far as the voices go, I personally 
prefer the male voice. The female voice 
sounds more robotic to me, but I'm sure 
others will feel the same way about the 
male voice. 

For all of its benefits, the TTS feature 
of the Kindle has not been without 
controversy. As soon as it was announced, 
the Author's Guild cried foul and claimed 
that TTS violated authors' copyrights 
on recorded performances of their 
work. The legal validity of this claim is 
debatable, but Amazon quickly moved 
to settle with the Guild by changing 


52 I july 2009 www.linuxjournal.com 


























TTS through a firmware update so TTS 
could be turned off at the discretion of 
the rights holders. 

In honor of the 15th anniversary 
of Linux Journal, I had the Kindle 2 
"read" the Linus Torvalds interview 
from the very first issue. It's not per¬ 
fect, and it's unintentionally funny in 
places, but it does a good job overall. 
The .ogg file I captured is available 
at www.linuxjournal.com/site_files/ 


Upgrading to Kindle 2 ••■C-1—f 


Dear Daniel, 

We noticed that you previously registered a 
Kindle to this account -- thanks for upgrading to a 
Kindle 2! The following steps will help transfer 
your existing books, subscriptions and Kindle 
e-mail address (used to receive personal 
documents), to your new Kindle 2. 

1. If you wish to transfer subscriptions or a Kindle 
e-mail address use the 5-way controller to click 
the link below: 

Transfer subscriptigns qi Kindlg g-mail address 

2. To download your previously purchased Kindle 
books, open Archived Items from the Home screen. 
Your past book purchases will be listed and can 
be re-downloaded whenever you want for free. 

3% Locations 1-7 8 


Figure 8. The Kindle 2 includes a helpful 
and personalized letter to walk you through 
downloading your files. 



Figure 9. If you have an original Kindle, you 
will be prompted to download your previously 
purchased items. 


video/interview_with_linus.ogg if 

you want to listen to it. 

The second major new feature is 
synchronization of your page position, 
bookmarks and notes between devices. 
Now that there are multiple versions 
of the Kindle out there, and a Kindle 
iPhone application, it's a safe bet that 
people will read their Amazon ebooks 
on two or more different devices. When 
I first turned on the Kindle 2, part of 
the getting started process had me go 
to the Archived Items section of the 
Kindle interface and download the 
books I had purchased previously for 
my original Kindle. A week before the 
Kindle 2 started shipping, Amazon 
made a firmware update available for 
the original Kindle that added the 
synchronization functionality, so when I 
opened the books on the Kindle 2, they 
opened to the page I was reading when 
I last had them open on my original 
Kindle. All of my notes and bookmarks 
were there too. This made switching to 
the new device painless. 

The unfortunate thing about all 
this synchronization goodness is it 
works only with items purchased from 
Amazon. Books from other sources 
cannot be synchronized wirelessly. I 
wish it weren't this way, but I can see 
Amazon's reasoning. The cell network 
access the Kindle uses is not free, 
after all, but I still don't like the 
synchronization not working for 
non-Amazon items. 

Hacking the Kindle 2 

Like the original Kindle, the Kindle 2 has 
several hidden features. One of these is 
the 411 information page. To display it, 
go to the main screen, choose Settings 
from the menu to go to the settings 
page, and then type 411. The 411 
page then appears. I would include a 
screenshot, but the page is filled with 
things like the Kindle's serial number 
and other information that should 
not be made public. 

Another thing the Kindle 2 has that 
the original Kindle had is a debug 
mode. To get to the mode, bring up the 
search box and enter ;debugOn, and 
press the Enter key. Then, bring up the 
search box again, and enter ' help to 
show the various debug commands that 
are available. There's no documentation 
for what the listed commands do. And, 
if you break your Kindle messing around 










TS-7500 

Embedded Computer 

Faster. Smaller. Cheaper. 

Qu.lOO $84 



66 mm / 2.600 in 


Powered by a 

250 MHz ARM9 CPU 


» Low power, fanless, < 2 watts 
n 64MB DDR-RAM 
n 4MB NOR Flash 
n Micro-SD Card slot - SDHC 
81 USB 2.0 480Mbit/s host (2) slave (1) 
n 10/100 Ethernet 

n Boots Linux in less than 2 seconds 
n Customizable FPGA - 5K LUT 
n Power-over-Ethernet ready 
n Optional battery backed RTC 
81 Watchdog Timer 
81 8 TTL UART 
81 33 DIO, SPI, |2C 


Dev Kit provides out-of-box 
development -i- extra features 


* Over 20 years in business 

* Never discontinued a product 
» Engineers on Tech Support 

81 Open Source Vision 

» Custom configurations and designs w/ 
excellent pricing and turn-around time 

" Most products ship next day 


It 




ii 














































REVIEWS 


r 


My Kindle Wish List 

I believe the Kindle 2 is the best ebook reader on the market right 
now. However, it's not perfect. Here is a list of six things I hope will be 
part of the Kindle 3; 

1. A touchscreen: a device like the Kindle needs a touchscreen. 
When I hand the Kindle to people to try, nine times out of ten, 
they will try to tap on the screen to select an item. Every review 
I've read of the Kindle 2 talks about how much better the 
joystick is than the scroll wheel on the original Kindle. I say 
a touchscreen would have been better. 

2. Folders or tags: there needs to be a folder or tag method for 
organizing files. Empirical ordering by author, title or date has 
its place, but for ease and speed of access, a good logical lay¬ 
out works best for me (especially when I create the layout). 

3. Slide-out keyboard: the keyboard isn't used much on the 
Kindle. For the 95%+ of the time when I'm not using the key¬ 
board, I would like it to disappear. Cell phones have had sliding 
keyboards for years. It shouldn't be too difficult to add one to 


the Kindle and free up space for either a bigger screen or a 
smaller physical size. 

4. Real keyboard keys: while I'm on the subject of the Kindle's 
keyboard, the chiclet keys are terrible. The Kindle 2 has the 
space—put some decently sized keys there. I realize both this 
and suggestion #3 will make the Kindle thicker, and I'm okay 
with that. The Kindle still would be thinner and lighter than 
nearly every book on the market. Call it the "pro" version and 
charge a premium. Better still, make the current version the 
"lite" version (and drop its price by $100+) and sell the "pro" 
version for the current price. 

5. Microphone: add a microphone to the Kindle 2 and make it 
possible for me to create voice notes. Let me attach them to 
specific passages in books just like regular notes. 

6. Removable battery: bring back the removable battery. Don't get 
me wrong, I love the extended battery life, I just don't like that 
the battery is now not removable. 


with them, Amazon probably will con¬ 
sider you to have broken your warranty. 

That said, one hacker found that the 
'usbQa and 'usbNetwork commands 
enabled him to tether his Kindle 2 to his 
computer. It's not the kind of tethering 
where the computer was getting its 
Internet access from the Kindle 2 (like 
what you might do with mobile phone 
tethering). Instead, the Kindle 2 was 


able to connect to the Internet using the 
network connection of the computer. 
This is not terribly useful, but it's there if 
you want to experiment. 

The Kindle 2 runs Linux, and a lot of 
the software it uses is licensed under 
the GPL or the BSD license. Some of 
the more interesting pieces of software 
include syslog-ng, u-boot, monit, Irzsz, 
iptables, gstreamer, BusyBox, dosfstools, 


e2fsprogs, ALSA, mtd-tools, bzip2, 
libpcap, ncurses, ppp and strace. The 
presence of BusyBox in particular sug¬ 
gests that a command-line environment 
of some kind should be available—if 
BusyBox had the right features enabled 
when Amazon compiled it, which it didn't. 
One hacker discovered that statically 
compiled Linux ARM binaries work just 
fine on the Kindle 2, and he was able 


Daniel's 2nd Kindle O 

Showing All 20 Items By Most Recent First 

The New Oxford American Dictionary 


U 

M 

Tl 

Tl 

U 


Private shortcuts; 7777, allocate, 
applyUpdate, batteryLoggingDelay, 
checkForUpdate, compliance, 
consumeMemory, 

countUnmergedDownloadedlndexes, 
'disableindexing, 'downloadindex, 
dumpBattery, dumpIndexStats, 
einkAdjustments, help, 
'indexForever, 'indexStatus, 'log611, 
logOpenFiles, 'meminfo, pppStop, 
processTodo, reloadContentRoster, 
'startindexing, 'stopindexing, 
terminal, usbNetwork, usbQa, 
voltLog 


rr^in 


jokr. 


El 


!ard 


kL 


Jcom 


The Hacker Crackdown_Bruce sterling 


Page 2 of 3 



Daniel's 2nd Kindle •■tF 

Showing All 20 Items By Most Recent First 

The New Oxford American Dictionary 

My Clippings 

Upgrading to Kindle 2 Amazoir.com 

Masterpieces Orson Scott card 

man 

>oks 

Welcome Daniel Jeff Bezos 

Ender in Exile Orson Scott Card 

Kindle 2 User's Guide AmazorLcom 

The Hacker Crackdown Bruce sterling 

Page 2 of 3 



Figure 10. The debug mode 'help screen—the 
backticks (') are required. 


Figure 11. Turning on the hidden debug mode. 


Figure 12. Some of the dialogs that appear 
when mucking around in Debug mode are 
less than helpful. 


54 I july 2009 www.linuxjournal.com 














































to replace the onboard BusyBox with one he had compiled for 
the Android platform, which had Telnet enabled. This let 
him Telnet into his Kindle when it was connected to his 
local network via the USB tethering trick. 

The Kindle 2 is less hackable than the original Kindle 
(there's no external serial port, for example), but determined 
individuals have been able to poke and prod at the hardware. 

On the software side, there's a cat-and-mouse game 
currently being played out that looks a lot like what went on 
a few years back with Apple and its iTunes/iPod DRM. People 
are posting scripts that help you use encrypted Mobipocket 
files purchased from other on-line sources, to which Amazon 
responds by serving DMCA takedown notices. The scripts then 
surface on different sites hours later. Amazon then changes its 
DRM, which breaks the scripts. Updated versions of the scripts 
surface the next day. And, the cycle keeps going. 

There is one neat project all of this hacking has enabled 
that I'd like to mention in closing: Savory. This is software that 
runs on the Kindle that will convert .pdf and .epub files into 
Kindle-compatible .mobi files automatically. It also updates 
the built-in Web browser to accept .pdf and .epub as valid, 
supported media types. Battery life is impacted with this 
package installed, but not by much, and the ability to navigate 
to, download and automatically convert .pdf and .epub 
documents without having to make a trip to my desktop 
computer makes it worth it. 

Conclusion 

So, is the Kindle 2 worth it? Maybe. If you have an original Kindle, 
it's a tossup. There are a lot of nice improvements, but if the 
original Kindle is working for you, there really is no compelling 
reason to make this a must-have upgrade. If, on the other hand, 
you don't have a Kindle, the reasons and justifications for getting 
the original Kindle still apply: get one if you love to read and 
don't like (or can't) carry around all the books you want to read. 
The Kindle 2 is the best of the current crop of ebook readers, 
and if you've been wanting to get an electronic reader, you 
could do a lot worse than the Kindle 2.m 


Daniel Bartholomew lives with his wife and children in North Carolina. 


Resources 


Instructions on connecting to the Internet from your 
Kindle, through your computer: blog.fsck.eom/2009/03/ 
tethering-your-kindle.html 

An unofficial firmware update tool for the Kindle 2: 

igorsk.blogspot.eom/2009/03/kinclle-2-ticlbits.html 

Telnet on the Kindle 2: blog.fsck.eom/2009/03/ 
a-procluctive-evening-so-far.html 

DMCA Takedown Notice from Amazon: 

www.mobilereacl.com/forums/showthreacl.php?t=41929 

Savory: a native ebook converter for Kindle 2: 

blog.fsck.eom/2009/04/savory.html 


Need SERVERS NOW? 

Next Day GUARANTEED! 

Best PRICE GUARANTEED! 

_m (§) vmware 

CUSTOMIZABLE SERVER SOLUTIONS SINCE 1989 


CERTIFIED 





King Star 2 Nodes in 1U System 

1U Rackmount Server with 1200W Power Supply 
Nehalem Xeon Quad/Dual-Core 1333Mhz CPU 
Up to g6GB DDRS 1333MHz ECC REG MEM 
IPMI with KVM-Over-LAN support 
Intel 82576 Dual-Port Gigabit Ethernet Controller 
4 X 3.5” Hot-Swap SATA Drive Bays 


starting at $ 2,037 


King Star 24 Core Xeon System 

2U Rackmount Server with 1200W Power Supply 
Intel Xeon Six Core 1066MHz CPU 
Up to 192GB DDRII 667 FB-DIMM MEM 
3Ware 9690SA-4i4E SAS RAID Controller 
IPMI with KVM-Over-LAN support 
2 X 3.5” Hot-Swap SATA Drive Bays 


STARTING AT: 


$1,927 









I 


King Star 52TB Storage System 



5U Rackmount Server with 1350W Power Supply 

Xeon Quad/Dual Core 1333MHz CPU 

Up to 32GB DDRII FB-DIMM MEM 

3Ware 9650SE SATA2 RAID Controller 

Intel 82563 Dual-Port Gigabit Ethernet Controller 

26 X 3.5” Hot-Swap SATA Drive Bays 

STARTING AT: $2,1 27 



King Star VMware SAS 3U System 


STARTING AT: $1,865 


3U Rackmount Server with 800W Power Supply 
Xeon Quad/Dual Core 1333MHz CPU 
Up to 128GB DDRII FB-DIMM MEM 
LSI LOGIC SAS PCI-E Controller 
Intel 82575 Dual-Port Gigabit Ethernet Controller 
16 X 3.5” Hot-Swap SATA Drive Bays 


Call now to configure the RIGHT system for you! 

»Intel Premier Provider 

» Fast lead time. System ready in as soon as 2 days 
» Reliable and dependable systems, build with highest quality components 
» Our valued customers: Nokia, Intel, Juniper, Tivo... 


SUPERMICRI 


Free $100 
Gas Card 


Chevron 



If your system is not shipped the next business day! 

We are confident that you will get the best quote from us! 




Tel: (800) 875-8590 Fax: (408) 736-4151 
Email: sales@kingstarusa.com 


KING STAR COMPUTER Ruckmoufit ScvveY Speciulist 


www.kingstarusa.com 1259 Reamwood Ave. Sunnyvale CA 94089 






























REVIEWS 


r 


Indamixx: an On-the-Go 
Recording Studio? 

The Indamixx portable recording studio is built around a Linux multimedia real-time 
operating system and provides an unprecedented level of software integration and 
refinement for audio tasks, dan sawyer 



You've wanted to be a 

record producer, right? Or, 
you've wanted to be able to 
set up and record impromptu 
interviews and panels at 
tradeshows and conventions? 

What if you could do it all, 
on Linux, with a couple 
decent mics and a device 
you can carry in your pocket? 

Ever imagined being able to 
produce original content 
everywhere? 

You don't have to 
imagine anymore. Since 
November 2008, a little 
company called Indamixx has 
been putting out just such a 
marvel. Built on a Samsung Q1 Ultra 
chassis, this little handheld does its 
best to deliver on a very impressive list 
of marketing promises. 

I unwrapped this lovely little toy box 
and had it virtually glued to my hip for 
the five weeks I reviewed it. It starts 
up fast; it works slick; the physical and 
virtual interfaces are very well put together, 
functional and fast. It did almost 
everything I asked of it, and its battery 
life was impressive on top of it all. 

In the course of my review, I edited 
a half-hour radio drama, recorded a 
five-person roundtable podcast over 
Skype, did an extensive amount of 
blogging, wrote two articles for Linux 
Journal, did a couple photo shoots and 
composed a couple tunes, and took it 
round to a club for a shakedown. 

The Good 

In terms of advertised features, the Q1 
was an excellent platform to begin 
with. Touchscreen-based with three USB 
ports and a monitor jack, it docks easily 
at a desk and moves quickly with you. 
The screen is clear and contrasty 


enough to do work on its own most of 
the time, at least for work where you 
don't need a lot of vertical resolution 
(the drawback of the ultra-widescreen 
aspect ratio). 

It's very small, light and only 
marginally more difficult to lug around 
than an iPod. At first blush, it's a hell 
of a little gadget. 

Appropriate for its intended task, it 
has a pair of built-in stereo microphones 
that do proper left/right separation and 
exhibit a serviceably low noise floor 
for casual interviews and note taking. 

I put those microphones to the test in 
a couple interviews and, even while 
driving, they exhibited good enough 
discrimination for transcription. Score 
one for the Indamixx. 

Of course, those are all properties of 
the hardware layer, which is a commod¬ 
ity device made by Samsung and can be 
had off the shelf for about $800. The 
real genius of this box is that the folks 
at Trinity Audio who designed it paid a 
lot of attention to detail in their choice 
of software packages as well. The Q1 
is a pretty anemic hardware platform 


from the spec sheet, but 
Trinity managed to pull out 
every spare processor cycle 
from this. 

Pro-audio applications in 
all flavors of Linux—Ardour, 
energyXT, Rosegarden and 
so on—all run atop the 
recursively named Jack 
Audio Connection Kit 
(JACK), a real-time server 
layer that gives pro-audio 
apps direct, low-latency 
access to the DSPs and MIDI 
devices. Digital Audio 
Workstations (DAWs) built 
on Linux must play nice 
with JACK, and "playing 
nice" can be measured in two ways: 

1. How easy is it to get real-time 
performance out of JACK? 

2. How many of the distribution's 
applications come prebuilt for 
JACK compatibility? 

The answer to #1 should be pretty 
easy, because a real-time kernel patch 
is available for most distributions, and 
if it isn't available for yours, you 
always can build it. But, it isn't all 
that easy. The processes your distro 
runs, the other kernel modules you 
load and a dozen other things about 
distro architecture can make the 
difference between a system that will 
serve you well and one that will drive 
you bonkers. Because of this, the 
various Linux distributions do so with 
varying degrees of success, from 
the just-plain-awful vanilla SUSE to 
the tolerable Ubuntu Studio to the 
excellent 64 Studio. 

As for question #2, there is a simi¬ 
lar gradient among distributions for 


56 I july 2009 www.linuxjournal.com 





























The Capabilities 

I found that the Indamixx can connfortably nnaintain real time on its internal hard 
disk while recording four tracks simultaneously or when playing back four with 
reverb and other complicated effects applied. 


JACK compatibility with application 
packages, from the "just about noth¬ 
ing unless you compile it yourself" end 
to the "almost anything you could 
want" end of the spectrum. 

So, how does the Indamixx's OS, 
called Transmission, stack up? Not 
to put too fine a point on it, but it 
is hands down the best-engineered 
Linux distribution I've ever laid my 
eyes on. Trinity took the best-of- 
breed 64 Studio distro and made 
it better, getting every program to 
route through JACK, including such 
normal recalcitrants as Skype and 
Flash—and did it all so well that I 
very rarely encountered any xruns, 
even when recording while I browsed 
the Web, and even when hooked 
up to notoriously slow external USB 
pro-audio gear. 

The Indamixx recognized the afore¬ 
mentioned pro-audio gear without 
batting an eye—both the mixing 
surfaces and the A/D converters, and 
pretty much the only thing I found 
myself wanting was more USB ports 
(advice: use a hub with this thing). It 
played nice with Samba (though not 
NFS) right out of the box. Its Wi-Fi 
found signals where both of my lap¬ 
tops have trouble locking on, and even 
with my stubby fingers, the built-in 
thumb-keyboard and touchscreen 
were a breeze to operate. 

The power management features 
also worked without a hitch—from 
blanking to sleep to hibernation, I 
encountered none of the problems 
that portable users commonly 
encounter on Linux. Add that to the 
startup time of less than a minute, 
and you've got a device that seems 
ideal for its advertised ends: 

■ Recording and mixing. 

■ Building dance loops and remixes. 

■ DJing. 

■ Podcasting. 

■ Mastering. 

The Indamixx's list of software 
packages is no less impressive. The 
selection of programs is deliberate 
and lean. Everything one needs to 
accomplish, virtually any audio task. 


as well as some video and other 
graphics tasks, comes installed and 
built with a number of performance 
enhancements: GIMP, Blender, 

Ardour, a portable version of Firefox, 
the commercial DAW program 
energyXT, SHOUTcast and DJ mixing 
software, hundreds of LADSPA plug¬ 
ins, a properly functioning VST server 
(another rarity on Linux), the always- 
handy Skype and a boatload of remix 
samples and MIDI voices. 

The Bad 

The Indamixx is advertised as an all¬ 
purpose DAW and is heavily marketed 
to DJs and those who work with live 
music. That means the people most 


likely to buy this device also are those 
most likely to use it in nightclubs and 
dive bars. 

Such environments are filled with 
a number of hazards that, frankly, the 
designers of the Q1 and those who 
picked it as the Indamixx platform didn't 
consider. Those hazards include such 
things as spilled drinks, smoke, ash 
and particulates from pyrotechnics, 
high humidity and high temperatures, 
high levels of vibration (from speakers) 
and so on. 

In addition, there are ergonomic 
issues that make working with the 
Indamixx in a club situation some¬ 
what less than optimal. Simply put, 
it doesn't fit anywhere, and it's easily 



Gigabit ports / MULTI-Gig options 
High-capacity bandwidth plans, including: 

* 3000 GB/month for $200 

* 5000 GB/month for $375 

* 10000 GB/month for $800 
Custom clusters with private VLANs 

Flexible storage and RAID options 

Intel Premium Partner 

Numerous OS choices (Linux or Windows) 
FREE 24x7 "6-Star" support 


www.CARI.NET/LJ 

888.221.5902 


carmet 

Better Servers. Better Service 


www.linuxjournal.com ju ly 2009 I 57 



















REVIEWS 


How to Clean Your Gear 

So, someone has spilled beer on your gear, or it's gotten so gummed up with tar 
and gunk that it's not working anymore. What do you do? 

First, if the offender is a liquid, cut the power immediately. If the unit has batteries, 
pop them out. If it's plugged into the mains, pull the plug. The sooner you do this, 
the more likely you are to save the unit. Once this is done, you can proceed on a 
non-emergency basis. 

Second, get yourself some deionized water. It's important that you use completely 
fresh water that's been filtered by deionization, rather than by any other process. 
This removes all of the electrical potentiality from the water (as well as the electrolytes), 
so it's safe to use to clean your gear. 

Third, disassemble the equipment and bathe all of the affected parts in the water. 
Scrub (with a clean, static-free cloth) any tars, residues, sugars or anything else 
off the gear. 

Fourth, seal each piece in a ziplock bag or airtight container with either uncooked 
rice or (preferably) silica gel to dry. Leave it there for several days. 

Finally, reassemble the gear, taking care not to subject it to static discharge. 

At this point, so long as you've put everything together properly, your gear should 
once again be in perfect working order, unless something fried during those first 
few seconds. This procedure works equally well for mixing boards, amplifiers, 
laptop computers, hard drives and rack gear. 


knocked off the edge of a table. 
There is no custom mounting hard¬ 
ware available for it, which means 
its hazard risk is at maximum in a 
club environment. 

Let's face it, the Indamixx is flimsy. 
Despite its solid feel, the Q1 Ultra is 
made of thin, brittle plastic—difficult 
to disassemble and upgrade despite 
being user-serviceable and easy to 
break during service. Similarly, its 
touchscreen is ill-protected and prone 
to scratching (not to mention break¬ 
ing if dropped), and there is no cus¬ 
tom hard case available for the unit 
that adequately protects the screen. 
Worse still, it's a hard-disk-based 
machine, and the hard disk is neither 
shock-resistant nor mounted with 
shock absorbers. This means that, 
when running, a fall from desk height 
onto a hard floor has a very good 
chance of irrecoverably crashing the 
heads. Given the purposes for which 
this unit is advertised, it isn't in the 
least bit moisture- or smoke-resistant. 
Not all the ports have protectors; 
there's no sealing grommet at the 


seams, and the ventilation holes have 
no splash screen. 

Of course, very few computers of 
any form factor are hardened against 
these kinds of hazards, and even 
fewer at this price point. Because of 
that, it might seem kind of petty to 
complain about those things, but the 
folks at Trinity Audio have advertised 
this remarkable handheld as being 
suitable for tasks that it simply can't 
stand up to long term, and that's not 
good for anybody. 

The Ugly 

A couple other minor points about 
this unit just aren't pretty, and they 
also have to do with the marketing 
literature. The Indamixx's sales 
brochure advertises the ability to 
record at 96KHz in 32-bit float for¬ 
mat, and although this is technically 
true (that is, the hard disk will keep 
up with it), it implies that what you 
get in the box is what you need to do 
this, and that simply isn't true. The 
unit comes with no pro-audio inter¬ 
face, nor did it come with a list of 


compatible hardware so that some¬ 
one building a studio around this unit 
could select an appropriate A/D con¬ 
verter (at the time of this writing, a 
list of such devices can be found on 
the Web site, but I have no way of 
knowing whether the list is included 
with the product). 

The other ugly point is the price. The 
unit retails for just under $1,200, which 
is pretty steep. 

The Verdict 

I love the Indamixx. I wish I could afford 
one. I had more fun and got more work 
done with this little thing than I ever 
expected. It has, bar none, the best 
multimedia implementation of Linux I 
ever have seen—the care that has gone 
into the software design on this unit is 
nothing short of astounding. 

The problem is, this unit is ill- 
adapted for the very environments 
I'd use it in most: bars, nightclubs, 
restaurants, film sets and other 
rugged on-the-go situations. It's not 
robust enough to do the very tasks 
for which it is otherwise ideal. 

Because of that, I can't give it my 
unconditional recommendation, much 
as I'd like to. If you have the $1,200 to 
spare and need to do a lot of audio 
work on business trips, planes or at 
conventions, this is the ideal machine 
for you. If you're looking for something 
that'll hold up well in hard-core produc¬ 
tion situations, you'd be better off 
buying the $600 laptop model that 
Indamixx also sells and spending some 
of the balance on hardening the 
machine to make it safe for the environ¬ 
ments where you're going to be work¬ 
ing. Perhaps dropping some of the 
spare cash on a good pro-audio inter¬ 
face also would be a good idea. This 
solution won't give you something quite 
as portable, but it will give you almost 
all of the good points of the Indamixx's 
exquisite portability and software design 
without being constrained by its pro¬ 
found drawbacks. ■ 


Dan Sawyer is the founder of ArtisticWhispers Productions 
(www.artisticwhispers.coni), a small audio/video studio in 
the San Francisco Bay Area. He has been an enthusiastic 
advocate for free and open-source software since the late 
1990s. He currently is podcasting his science-fiction 
thriller Antithesis snd his short story anthology Sculpting 
God. He also hosts “The Polyschizmatic Reprohates Hour”, 
a cultural commentary podcast. Author contact information 
is available at www.jdsawyer.net. 


58 I july 2009 www.linuxjournal.com 





Linux News and Headlines 
Delivered To You 

Linux Journal topical RSS feeds NOW AVAILABLE 



http://www.linuxjournal.com/rss feeds 











The Java API 
to Android’s 
Telephony Stack 


Start writing your own 
Android telephony 
applications using the 
Android Java API, and 
discover the under- 
the-hood workings of 
a cellular telephony 
software stack. 

Alexander Sirotkin 


A S a Linux Journal reader, you’ve probably stumbled across 
Google Android here and there. You’ve probably read an 
introductory article or maybe you even downloaded an SDK 
and coded an application or two. If you haven’t, I encourage 
you to do so, as this article is not an Android overview. I’m not 
going to talk about the Android architecture and application development; plenty 
of good articles already exist on those subjects. See this article’s Resources for 
some links to Google video lectures about the Android architecture and Android 
application basics. However, if you have some basic knowledge of Android and 
would like to learn a bit about cellular telephony and how it is implemented in 
Android, this article is for you. 

Android is all about applications. Almost every article and discussion on this 
subject revolves around the SDK, the Dalvik Java VM and the Android Market. In 
fact, it is quite difficult to find an Android article that doesn’t mention applications. 
With all this hype, it’s easy to forget that the Google phone is, after all, a phone, 
which (surprise, surprise) is supposed to make phone calls. So, this article takes 
a different route and instead of focusing on applications, it focuses on Android 
telephony—from the application API down to the cellular baseband hardware. 
This part of Android is not very well documented, but fortunately, Google has 
released most of the code under the Apache open-source license. 

Before I start talking about APIs, daemons and all the really interesting stuff, 
it’s worth mentioning that although it seems like Android has all the hype, at least 
as far as Linux-based mobile phones are concerned, when you look at the facts, 
you will discover that actual Android adoption is far more modest than what Google 
would like you to believe. Currently, only one company (HTC) manufactures 
Android-based phones, and it has two variants sold by T-Mobile. A few other 
companies (Samsung, for instance) have announced that they are going to 
launch an Android-based phone some time during 2009. There are actually a few 
dozen other Linux-based mobile phone models on the market that are based on 
a competing platform, described in more detail below. 


60 I july 2009 www.linuxjournal.com 




Mobile Phone Hardware Architecture 

Before going into software, it is important to understand 
the underlying cellular telephony hardware architecture. 
Unfortunately, there are no standards in this area, and every 
model from every company may look completely different. 
Still, there are some common ideas and industry trends in 
cellular reference designs; a block diagram of cellular phone 
basics is shown in Figure 1. 



Figure 1. Simplified Cellular Phone Hardware Block Diagram 

Figure 1 omits many crucial hardware components that 
have nothing to do with software architecture and, therefore, 
are not very relevant in the context of this article—after all, the 
goal here is to understand the telephony software stack. 

Sometimes the application and communication (or baseband) 
processors are, indeed, different chips. However, more often 
than not, both CPUs reside on the same die or at least the 
same package. This is the case with the HTC/T-Mobile G1, 
which is based on a Qualcomm MSM7201A multicore CPU 
and includes an application processor (ARM11), a communica¬ 
tion processor (ARM9) and some other cores, including a GPS. 
Sometimes a single CPU is used for both application and base¬ 
band tasks, usually in simple low-end phones. The distinction 
between application and communication processors is especially 
important in the context of software: when there is only one 
core used for both application and communication processing, 
the software stacks are quite different. 

The application processor usually controls the screen and 
keyboard and runs the software stack that interacts with the 
user, including various applications. It usually runs some 
generic operating system, such as Linux, Windows Mobile or 
Symbian. The communication processor runs a cellular protocol 
stack on top of some RTOS, such as Nucleos or Thredx. 
Although the application software can be open source in some 
cases, the cellular protocol stack always is distributed as binary 
only. The PM chip is responsible for power management, and 
the RF for conversion of baseband to radio frequencies. Other 
peripherals, such as the LCD, keypad, speaker and microphone 
do not need further explanation. 

It is important to note that the communication processor is 


With all this hype, it’s easy to 
forget that the Google phone 
is, after all, a phone, which 
(surprise, surprise) is supposed 
to make phone calls. 

responsible for cellular communications only (both voice and 
data). Wi-Fi, Bluetooth and other communication protocols 
are beyond the scope of this article, as they are conceptually 
different and often better documented. 

Google Android 

Android is a software stack for mobile phones. It includes a 
modified version of the Linux OS, middleware (which is the 
topic of this article) and some applications. The SDK is avail¬ 
able free of charge and can be downloaded from the Google 
Web site. The Android sources also are available and can be 
fetched from a GIT repository, although some important parts 
are missing. 

Official Android Telephony 

As shown in Figure 2, Android consists of a runtime, libraries 
and application framework modules. 


Applications 


/ -\ 


' T Party ' 

Phone 


Telephony 

k ) 


Q. 

CL 

< 


/framework 


^ Libraries 



f 






Runtime (Java VM & Libraries) 


RIL Daemon 



J 



) 



J 

^Linux Kernel 






/ 

> 





RIL 






Driver 






V 

> 



y 

'uommunication Processor 


y 



/ 

Cellular 





Protocol 





Stack 







j 


Figure 2. Android Architecture Block Diagram 

Figure 2 shows only the modules that implement telephony 
functionality; for a more detailed diagram, refer to the Google 
Android overview page. 

Telephony manager, which is part of the Android application 


/-\ 

Telephony 

Manager 

k___ ) 


Internal 

Telephony 

Package 


www.linuxjournal.com ju ly 2009 I 61 
































































FEATURE The Java API to Android’s Telephony Stack 


GSM AT Commands 


AT commands are the most common interface between 
cellular application and baseband processors, used by the 
majority of the cellular software stacks, including Android 
They are defined in the 3GPP standard 27.007. They can 
be divided roughly into the following groups: 

■ Call control commands, such as ATD to dial a number. 

■ Network service commands, such as AT+CREG for 
network registration. 


■ Mobile control, such as AT+CPBR to read a phone book. 

■ SMS commands, such as AT+CMGS to send an SMS. 

■ GPRS commands, such as AT+CGDCONT to define 
PDP context. 

Many other commands exist, including some nonstandard 
vendor-specific commands. For a more detailed description, 
refer to the latest standards document. 


framework, provides a telephony API to user applications. It 
consists of the android.telephony and android.telephony.gsm 
Java packages. This official telephony API is fully documented 
in the Android developer reference guide, so I don't describe it 
here in detail. It is far more interesting to check what impor¬ 
tant functionality is not included in this API, which turns out to 
be quite a lot. The current Telephony Manager API is mostly 
limited to providing phone and network status information, 
such as call state (idle, offhook or ringing), network operator 
name, roaming state and so on. The only parameters you can 
change are network operator name and selection mode, using 
the setOperatorNameQ and setlsManualSelectionQ calls, 
respectively. And, the only action you can perform is SMS, 
using sendDataMessageO and sendTextMessageQ. This API is 
rather spartan to say the least, and it lacks many important 
functions. For instance, it is hard not to notice that all voice-call- 
related functionality is missing, yet some (platform) applications, 
such as Phone, manage to implement it. 

This API is rather spartan to 
say the least, and it lacks 
many important functions. 

Not only is this API not sufficient to create any useful 
telephony applications, it also is rather inconsistent. There is 
no clear architecture behind the class structure, and it is not 
obvious how support for other RATs (radio-access technologies) 
apart from GSM, such as CDMA200 and LTE, will work. 

The RIL Telephony 

The first thing you discover when you look at the Android 
telephony API in detail is that it is not fully open. There is a lot 
of important functionality in the com.android.internal.telephony 
package. For instance, the Phone application uses this internal 
API to make/answer a call and access the SIM. This API is not 
documented. It can and probably will change in the future, 
and generally, it is not intended for use by applications that 
are not part of the Android platform—so much for the 
"All applications are created equal" motto. Fortunately, this 
API is documented pretty well in the source code of the 


Base framework module, which can be found under the 
frameworks/base/telephony/java/com/android/internal/telephony 
directory inside the Android sources. 

The architecture block diagram shown in Figure 2 implies 
that privilege—that is, platform telephony applications use the 
com.android.internal.telephony package, although mortals are 
stuck with android.telephony. 

This internal framework module communicates via UNIX 
domain sockets with the RIL (Radio Interface Layer) daemon 
rild, which is written in C as one would expect (not Java). The 
majority of the telephony functionality of the RIL daemon is 
implemented in the RIL library. Both the RIL daemon and the 
library sources, along with a reference RIL driver, can be found 
under the hardware/ril directory. The RIL daemon communi¬ 
cates using AT commands with either the RIL kernel driver (via 
the read/write interface when it is running on real hardware) 
or with the SDK emulator (via the socket interface). The RIL 
kernel driver is probably just a dumb pipe that forwards AT 
commands to the baseband processor via the appropriate 
hardware interface. Unfortunately, this part of Android 
telephony is neither documented nor open source. There 
is only a so-called reference RIL implementation in the 
hardware/ril/reference-ril directory. So, one has to guess what 
exactly goes on down there on real hardware. The reason this 
part is not open source is probably the same reason as the one 
that prevents some companies from releasing Wi-Fi firmware— 
regulations in many countries do not allow for manufacturers 
to provide direct access to radio hardware to end users. 

Going back to the internal telephony API of the 
com.android.internal.telephony package that platform 
applications such as Phone use, you will find that the most 
important methods are in the Phone and SimCard interfaces 
as well as the Call and Connection abstract classes. The source 
code below shows some of the most important methods. 

The Phone interface has methods that are used to place, 
accept or reject a call: 

public interface Phone { 

Connection dial(String dialString) throws CallStateException; 
void acceptCallO throws CallStateException; 
void rejectCallO throws CallStateException; 
void setMute(boolean muted); 


62 I july 2009 WWW. linuxj ournal.com 



void startDtmf(char c); 
void sendDtmf(char c); 
void stopDtmf0; 


} 


A Call object is created when you answer a call, and 
the Call class methods implement call-related functionality 
allowing you to, among other things, hang up: 

public abstract class Call { 

public abstract void hangupO throws CallStateException; 

public boolean isRingingO 

public abstract boolean isincoming(); 


} 


The Connection class is related to the Call class shown 
above. A Call can have a number of associated Connection 
classes accessible via the getConnectionsQ method, while the 
Connection class has a reference to the corresponding Call, 
returned by the getCallQ method). To be honest, I didn't 
manage to understand from the Android source code when 
and why there would be multiple connections in one call. 
Some telephony routines work with the Call class—for 
instance, those used to answer the call. Others work with the 
Connection class—for instance, it is returned by the dial() 
method of the Phone class. As you can see from the list of 
important Connection methods, their functionality is similar: 

public abstract class Connection { 

public abstract void hangupO throws CallStateException; 

public boolean isRingingO 

public abstract boolean isIncomingO; 


} 


Finally, the SimCard interface provides an access to a SIM 
card via methods that allow users to supply a PIN (Personal 
Identification Number) and a PUK (Personal Unblocking Key), 
which is used to unblock the PIN: 


public interface SimCard { 

void supplyPin(String pin, Message onComplete); 

void supplyPuk(5tring puk, String newPin, Message onComplete); 

void supplyPin2(String pin2, Message onComplete); 

void supplyPuk2(String puk2, String newPin2, Message onComplete); 

State getStateO ; 


} 


The SIM state, returned by the getStateO method, can be 
either ready, PIN/PUK required or network locked. 

If you are interested in the Phone interface implementa¬ 
tion, you should check the PhoneBase class that implements 
some of its methods. The rest, which are RAT-dependent, 
can be found in GSMPhone, which extends the PhoneBase 
class and is part of the com.android.internal.telephony.gsm 
package. The SimCard interface and the GsmSimCard class, 
as well as Call and GSMCall, follow the same approach. GSM 


W ASA 

Computers 


Want your business to be more productive? 

The ASA Servers powered by the Intel Xeon Processor provide the 
quality and dependability to keep up with your growing business 

Hardware Systems for the Open Source 
Community - Since 1989. 

(Linux, FreeBSD. NetBSD, OpenBSD, Solaris, MS, etc 


1 


lU Server-ASA1401i 



- 1TB Storage Installed. Max - 3TB. 

. Intel Dual core 5030 CPU (Qty.l), Max-2 CPUs 

- 1GB 667MGZ FBOIMMs Installed. 

- Supports 16GB FBDIMM. 

- 4X250GB htswap SATA-11 Drives Installed. 

- 4 port SATA-II RAID controller. 

2X10/100/1000 LAN onboard. 


2U Server-ASA2121i 


-4TB Storage Installed. Max - 12TB. 

- Intel Dual core 5050 CPU. 

- 1GB 667MGZ FBDIMMs Installed. 

- Supports 16GB FBDIMM. 

-16 port SATA-II RAID controller. 

- 16X250GB htswap SATA-II Drives Installed. 
-2X10/100/1000 LAN onboard. 

-800w Red PS. 



I 


3U Server-ASA3161i 



- 4TB Storage Installed. Max - 12TB. 

- Intel Dual core 5050 CPU. 

-1GB 667MGZ FBDIMVIs Installed. 

- Supports 16GB FBDIMVL 

-16 port SATA-II RAID controller. 

- 16X250GB htswap SATA-II Drives Installed. 
-2X10/100/1000 LAN onboard. 

- 800w Red PS. 


5U Server-ASA5241i 


- 6TB Storage Installed. Max - 18TB. 

- Intel Dual core 5050 CPU, 

- 4GB 667MGZ FBDIMMs Installed. 

- Supports 16GB FBDIMM. 

- 24X250GB htswap SATA-II Drives Installed. 
24 port SATA-II RAID. CARD/BBU. 

- 2X10/100/1000 LAN onboard. 

- 930W Red PS. 



8U Server-ASA8421i 



- 10TB Storage Installed. Max - 30TB. 

- Intel Dual core 5050 CPU. 

- Quantity 42 Installed. 

- 1GB 667MGZ FBDIMMs. 

- Supports 32GB FBDIMM. 

- 40X250GB htswap SATA-II Drives Installed. 

- 2X12 Port SATA-II Multllane RAID controller. 

- 1X16 Port SATA-II Multllane raid controller. 
-2X10/100/1000 LAN onboard. 

- 1300 W Red Ps. 


All sysieins Installed am lasted with user's choice at llnus 


distrihutlen Ifreel. ASA Callscatisn—$75 ler manth 



2354 Calle Del Mundo, 

Santa Clara, CA 95054 
www.asacomputer$.com 
Email: sales@asacomputers.com 
P: 1-800-REAL-PCS | FAX: 408-654-2910 

Intel®, Intel® Xeon"*, Intel Inside®, Intel® Itanium® and the 
Intel Inside® logo are trademarks or registered trademarks of 
Intel Corporation or its subsidiaries in the United States and 
other countries. 

Prices and availability subject to change without notice. 

Not responsible for typographic errors. 



Xeon' 

inside- 

Powerful. 

Efficient. 
















FEATURE The Java API to Android’s Telephony Stack 


currently is the only RAT supported by the Android platform, 
but Qualcomm has announced that it is working on CDMA2000 
support. More technologies, such as LTE (Long Term Evolution), 
may be supported in the future. 

Another important class is Telephonyintents, which defines 
intents—that is, events (in Android parlance) that the telephony 
framework can produce: 

■ ACTION_SERVICE_STATE_CHANGED: the phone service 
state has changed. 

■ ACTI0N_SIGNAL_STRENGTH_CHANGED: the phone's signal 
strength has changed. 

■ ACTION_ANY_DATA_CONNECTION_STATE_CHANGED: 
the data connection state has changed for any one of the 
phone's mobile data connections. 

■ ACTION_DATA_CONNECTION_FAILED: an attempt to establish 
a data connection has failed. 

■ ACTION_SIM_STATE_CHANGED: the SIM card state 
has changed. 

The Phone application (in the PhoneUtils class of the 
com.android.phone package) uses these methods to place 
or answer a call in the following way: 

public class PhoneUtils { 

static boolean answerCall(Phone phone) { 


far, this sounds very much like Google Android, but when you 
look closer, you discover many important differences. First, 
LiMo is a consortium of many companies, while Android is 
a pure Google affair. Among LiMo's members are cellular 
operators, mobile phone manufacturers, semiconductor 
companies and software vendors—pretty much the whole 
mobile industry. Member companies include NEC, NTT 
DOCOMO, Samsung, Vodafone, Motorola and many other 
large telecom companies. 

Google and the Android Open Flandset Alliance (OHA), 
on the other hand, are newcomers in this market, and they 
will have to persuade handset manufacturers to adopt their 
platform, which, in some cases, means ditching their own 
platform in favor of another one. The LiMo Foundation was 
created long before OHA, which explains why there are 
dozens of LiMo-based phones on the market, compared 
with only two Android ones. Note, however, that the OHA 
members list is impressive as well, and it continues to grow; 
many companies are members of both LiMo and OHA. 

Another important difference is that the LiMo Foundation 
does not provide an SDK. As a consortium, it is responsible for 
specifications only, and it defines a very clear and comprehensive 
specification of all the components of the LiMo platform, 
including a full telephony API both for applications and cellular 
modem vendors, which is once again something that Google 
Android lacks. The API was defined by companies having 
significant experience in this field, and it is not surprising that it 
includes all the telephony features one would expect, such as 
support for dialing/call answering, SMS, network selection, SIM 
access and more. It is up to LiMo's member software companies 
to produce LiMo-compliant SDKs. None are available at the time 


Call call = phone.getRingingCallO: 
phone.acceptCallO ; 


Applications 


} 


} 

static int placeCall(Phone phone, String number, Uri contactRef) { 


Connection cn = phone.dial(number); 


} 


The above code sample demonstrates only the most basic 
telephony functionality; however, along with the API outlined 
above, it should give you a good starting point for writing 
Android telephony applications. If you decide to do so, you 
probably won't be able to avoid having to dig in to the Android 
sources for more details. I hope having a bit more of an in-depth 
understanding of how cellular telephony works under the hood 
of the high-level Java API will help you in this endeavour. 

Note that this article is based on the Android 1.1 SDK r1 and 
the Android main git branch snapshot taken on March 24, 2009. 
Because Android is being developed constantly, some of the APIs 
mentioned in this article may have changed since that date. 

LiMo Foundation 

The LiMo Foundation is an industry consortium that defines an 
open, Linux-based software platform for mobile phones. So 




Middleware 



f \ 




/ \ 



z 




—) 



n> 

f 

q 


0 

c. 


(D 

(D 

■0 







0 



(a 


T1 


'< 



m 


& 


“n 



3 




3 





S 


§ 










V _ y 


_ j 


L _ J 









Linux Kernel 




\ 


Modem 



Driver 


\ 


2 


Communication Processor 



Cellular 


\ 

Protocol 

Stack 

_ 2 


Figure 3. LiMo Architecture Block Diagram 


64 I july 2009 WWW. linuxj ournal.com 






































of this writing, but a few companies made announcements 
during MWC09 (Mobile World Congress), and we should expect 
the first versions some time during 2009. 

The LiMo platform architecture shown in Figure 3 consists 
of an application manager and User Interface (Ul) frameworks, 
and middleware running on top of the Linux kernel which 
provides access to all hardware peripherals, including cellular 
modem and device drivers. 

Contrary to Android, applications are written in C/C++ 
instead of Java, and the Ul is based on GTK+. The LiMo plat¬ 
form provides applications with all the services that one would 
expect from a mobile phone software stack, such as Ul, application 
management, telephony, networking and messaging, IPC, 
multimedia, database, security and more. 

For more details about the LiMo architecture and API, 
check the relevant whitepapers on the LiMo Web site. 

Even though LiMo currently dominates the Linux-based 
phone market, Google Android has created a huge momentum 
that may change this situation. It also is possible that, in 
the end, each software stack will be used in its own niche: 
Android in the high-end smartphones and LiMo in more 
conventional devices. ■ 


Alexander (Sasha) Sirotkin has more than ten years’ experience in software, operating systems 
and networking. He currently works on the LTE (Long Term Evolution) Project at Comsys Mobile 
and lives with his wife and kid in Tel-Aviv, Israel. Alexander can be reached via e-mail at 
sasha.sirotkin [AT] gmail.com. 


Resources 


Short Android Architecture Overview: developer.android.com/ 
guide/basics/what-is-android.html 

An Introduction to Android: sites.google.com/site/io/ 
an-introduction-to-android 

Anatomy and Physiology of an Android: sites.google.com/ 
site/io/anatomy-physiology-of-an-android 

Inside the Android Application Framework: sites.google.com/ 
site/io/inside-the-android-application-framework 

Android SDK: developer.android.eom/sdk/1.1_r1/ 
index.html 

Android Source: source.android.com/download 

Open Flandset Alliance: www.openhandsetalliance.com 

LiMo Foundation: www.limofoundation.org 

LiMo API: www.limofoundation.org/en/ 
technical-documents.html 

3GPP Standards: www.3gpp.org 

GSM AT Commands: www.3gpp.org/ftp/Specs/ 
html-info/27007.htm 


Fldvertiser Index 

CHECK OUT OUR NEW BUYER'S GUIDE ON-LINE. 

Go to www.linuxjourndl.com/buyersguide where you can learn 
more about our advertisers or link directly to their Web sites. 

Thank you as always for supporting our advertisers by buying 
their products! 


Advertiser 

Page# 

Advertiser 

Page# 

ISrl Internet, Inc. 1 

www.oneandone.com 

O'Reilly OSCON 

en.oreilly.com/oscon2009 

49 

Aberdeen, LLC 

www.aberdeeninc.com 

5 

Polywell Computers, Inc. 

www.polywell.com 

23 

ASA Computers, Inc. 

www.asacomputers.com 

63 

Rackspace Managed Hosting 

www.rackspace.com 

C3 

Cari.net 

www.cari.net 

57 

SC World Congress 

www.scworldcongress.com 

33 

Coraid, Inc. 

www.coraid.com 

7, 79 

Saint Arnold Brewing Company 

www.saintarnold.com 

79 

Digi-Key Corporation 

www.digi-key.com 

79 

ServerBeach 

www.serverbeach.com 

51 

Emac, Inc. 

www.emacinc.com 

77, 79 

Servers Direct 

www.serversdirect.com 

9 

EmperorLinux 

www.emperorlinux.com 

41 

Silicon Mechanics 

www.siliconmechanics.com 

21, 47 

Gecad Technologies/Axigen 

www.axigen.com 

79 

StrayTats 

www.straytats.com 

79 

Genstor Systems, Inc. 

www.genstor.com 

67 

SynSeer 

fosshealth.eventbrite.com 

35, 79 

Hacker Halted USA 

www.eccouncil.org 

43 

Technologic Systems 

www.embeddedx86.com 

53 

King Star Computer, Inc. 

www.kingstarusa.com 

55, 71 

USENIX Security Symposium 

www.usenix.org/events/usenix07 

31 

Logic Supply, Inc. 

www.logicsupply.com 

69 

Ubiquiti Networks, Inc. 

www.ubnt.com 

C2 

Microway, Inc. 

www.microway.com 

C4, 3 

Utilikilts 

www.utilikilts.com 

79 

Mikro Tik 

www.routerboard.com 

13 

iXsYSTEMS, Inc. 

www.ixsystems.com 

25 

OpenSource World 

www.opensourceworld.com/live/12 

29 



ATTENTION ADVERTISERS 


October 2009 Issue #186 Deadlines 

Space Close: July 27; Material Close: August 4 

Theme: Hack This 

BONUS DISTRIBUTIONS: 

High Performance on Wall Street, VM World, ApacheCon 

Call Joseph Krack to reserve your space 
+1-713-344-1956 ext. 118, e-mdiljoseph@linuxjournal.com 


www.linuxjournal.com july 2009 | 65 





















































HACKING 

Your Portable 
Linux Server 

TURN A WESTERN DIGITAL MYBOOK II INTO A 
PERSONALIZED, PORTABLE LINUX SERVER. 


I n the past few months, a small community has been budding around the Western 
Digital MyBook II, a popular paperback-sized external hard drive. It quickly was 
discovered that the Ethernet-capable version was powered by an embedded Linux 
system, and a word-of-Web process started to break its security to gain SSH 
access, install additional services, tune functionality and more. It resembles the 
phenomenon spawned by the hacking-friendly Linksys WRT54G, albeit on a smaller scale. 

Thrilled by what I was seeing, I started to consider building a small appliance of my 
own, and Western Digital’s sudden revamping of its product line brought the eBay prices 
of older models below the $100 mark, which converged nicely with my manager’s request 
for a daily backup scheme enabling downtimes of less than a day should the worst 
happen to my laptop. 

So, off I went, intent on hacking out my own Linux-based NAS. I acquired two units: 
the smaller, single-drive 500GB model (less than $100 on eBay at the time of this writing) 
and a larger, RAID-capable, twin-drive model spanning one terabyte ($300 for a used unit). 
Given the ever-falling prices of hardware and the expanding product offering, you should 
be able to purchase these at lower prices or with larger capacities. It also is worth noting 
that nothing prevents carefully opening up the device’s innards and replacing the enclosed 
SATA drives with larger-capacity ones. One final bit of shopping advice: the drives 
addressed in this article are Ethernet-capable World Edition models, all of which have 
entirely white cases. 


FEDERICO LUCIFREDI 


66 I july 2009 www.linuxjournal.com 


THE HARDWARE 

Upon first inspection, the device resembles a small book, with 
a perforated. Morse-code patterned edge that enables vent- 
ing—if you actually decode the message, you will find a few 
words and a couple typos in it. The unit is rather silent and 
generates no more noise than the average hard drive. The 
front of the device sports two concentric LED rings, circling a 
single button used to power on and off the device. In addition 
to showing the on/off state of the device, the LEDs also are 
used to visualize disk activity as well as to provide a stylish disk 
capacity gauge (Figure 1). 



Figure 1. The Single-Drive Device Lurking on the Author’s Desk 

On the inside are one or two 500GB 7,200 RPM SATA 
drives and a small board housing an Oxford Semiconductor 
0XE800 ARM CPU with an ARM926EJ-S core, a 32MB Hynix 
RAM chip and the Via Cicada Simpliphy vt6122 Gigabit 
Ethernet chipset. The device also includes an externally accessi¬ 
ble USB port to supplement the RJ-45 Ethernet connector, and 
it supports AES-128 encryption in-hardware. Despite its limited 
RAM capacity, Linux's conservative use of resources puts little 
bounds on the uses the device reasonably can be put to by 
your creativity. Do not plan to saturate the Gigabit Ethernet 
link, however, because the CPU will not carry you much 
beyond 5MB/sec—a limitation that does not affect single- 
user backup or applications involving several users. 

The drives are ext-3 formatted in the World Edition series, 
as NAS access shields the predominant Windows and 
Macintosh user population from the actual filesystem choice— 



Genstor Systems, Inc 




Linux - FreeBSD - x86 Solaris - MS etc. 


Proven technology. Proven reliability. 

When you can’t afford to take chances with your business 
data or productivity, rely on a GS-1245 Server powered by 
the Intel® Xeon® Processors. 


Quad Core Woodcrest 


Ideal for high density ciustering in standard 1U form factor. Upto 16 
Cores for high CPU needs. Easy to configure failover nodes. 
Features: 

-1U rack-optimized chassis (1.75in.) 

- Up to 2 Quad Core Intel® Xeon® Woodcrest per 
Node with 1600 MHz system bus 

- Up to 16 Woodcrest Cores Per 1U rackspace 

- Up to 64GB DDR2.667 & 533 SDRAM Fully 
Buffered DIMM (FB-DIMM) Per Node 

- Dual-port Gigabit Ethernet Per Node 

- 2 SATA Removable HDD Per Node 
-1 (x8) PCLExpress Per Node 


Servers : : Storage : : Appliances 


780 Montague Express. # 604 
Sail Just!, CA90131 

Www.genstor.com 
□ma il: sa l es@gensto lr.com 

Phone: 1-877-25 SERVER or 1-408-383-0120 


Xeonr 


Intel®, Intel® Xeon®, Intel® Inside® are trademarks or registered trademarks of Intel Corporation 
or its subsidiaries in the United States and other countries. 

























FEATURE Hacking Your Portable Linux Server 


a detail that is exceedingly convenient, as it allows you to pull 
drives from the device and mount them in any Linux host for 
recovery should the support board ever fail. 

FIRST PACKETS 

Initially, you need to boot in the "World of Warcraft" partition 
of your system—the one running one of those proprietary 
operating systems—and install the Western Digital MioNet 
Access tools. You will need these only for the initial step—to 
find out what IP address your as-of-yet uncommunicative 
device has received from DHCP; you will not need the WD 
tools afterward. If you have a network sniffer set up, it may 
be faster for you simply to catch the DHCP assignment as it 
happens and save the time of registration and download. You 
also can check your DHCP server tables, if you have access to 
them, or simply read the data off the mounted Windows share 
that will be set up once you install the tools. Either way, once 
you are in possession of the IP address the device is using, you 
will point a Web browser to it and configure the settings that 
the Web interface exposes. You will be asked to provide 
authentication, which will match the credentials you created 
during the WD setup process, or, if you used a more exotic 
process, it will use the system defaults ("admin", with a 
password of "123456"). 

The device's built-in WD Shared Storage Manager (Figure 2) 
is a very lightweight and useful application, which you will 
leave enabled, even in this Linux-centric setup, as a convenient 
way to create users and carry out the most common configu¬ 
ration tasks. I recommend you take the time to configure most 
settings exposed here as part of your initial customization, as 
the convenience simply cannot be outdone. At a minimum, 
you should iterate over the General Setup section and config¬ 
ure your device name and workgroup (these configure Samba), 
date and time, and review your network settings. As preparation 
for the next step, you need to create a user (File Sharing^User 
Management) that you will use to log in at the console, as 
access via your existing Web administrator account will not 
be permitted. 



Figure 2. The built-in Web interface provides easy access to basic 
Samba configuration. 

One more change you should consider at this point is 
whether to set up RAID. The device supports two modes of 
operation: data striping (RAID 0), which has performance 


advantages and offers the total capacity of both drives com¬ 
bined, and data mirroring (RAID 1), which provides the storage 
capacity of only one of the drives but protects you by creating 
two fully redundant copies of your data. The default setting 
(Drive Management->Change Drive Type) is data striping— 
should you want to change it, this is the time to do it. Once a 
RAID rebuild is started, all data on the shared, nonsystem part 
of the drive will be lost. More important, although the drive 
shares will become writable in a few minutes while the rebuild 
is still underway, wait until it has completed entirely as you will 
need to tinker with the device's firmware upgrade path next 
(and triggering reboots while the RAID array is rebuilding is a 
surefire way to tempt fate into bricking your device). Just let it 
run overnight and come back to it the next morning. You can 
see whether the rebuild has completed by checking the drive 
status in the Shared Storage Manager; it will switch back from 
synchronizing to OK. 

VOIDING WARRANTIES 

To start unlocking the multifaceted abilities of this wonderful 
device, you first need to obtain console access. To be clear, this 
voids the device's warranty, as Western Digital obviously is not in 
the business of supporting Linux servers in all their possible con¬ 
figurations and software options, and that kind of flexibility is pre¬ 
cisely what we are after. Bear in mind that although these steps 
were researched and verified conscientiously, the author and Linux 
Journal accept no liability for rendering your device inoperable as 
a result of these instructions—proceed at your own risk. 

The WD Hacking community was spawned by Martin 
Hinner's creation of a backdoor process that uses the drive's 
built-in firmware update process to reset the device's root 
password, spawn the SSH daemon and generate the SSH host 
keys. Just like everyone else, let's head to Martin's Web page 
(see Resources) and follow the instructions found there. In 
effect, all you have to do is navigate to a URL on your device. 
The URL includes a GET parameter for the upgrade script to 
run. The parameter references a script on Martin's site, but this 
script, rather than performing an upgrade, generates SSH 
keys, clears the root password and starts the SSH daemon. 

Once the "upgrade" is initiated, you will not receive feed¬ 
back on the Web page that it has completed, and you proba¬ 
bly should not do anything to your device in this interval, lest 
you rouse those bricking fairies. Simply wait three minutes, 
then start attempting to log in via SSH with the user (not 
administrator and not root) account you created earlier in 
the Shared Storage Manager. As soon as you see the SSH 
daemon respond with a login prompt, you will know the 
break-in succeeded. If you set up your user account correctly, 
you will be able to log in. If you are having trouble logging 
in, take care that your user name is spelled in CAPS (ssh 
USER@ipaddress), as you will note that the user management 
Web interface creates all accounts in that fashion. One more 
troubleshooting tip: the latest firmware revisions actually 
output a message that the update has failed, although the 
SSH daemon has, in fact, been spawned successfully and is 
ready for your connection. 

Once successfully logged in to your device, you can esca¬ 
late your privileges by switching user to root (su -) as the 
superuser password is now blank. You will need to carry out a 
few tasks—the first one of which is adding the SSH daemon to 


68 I july 2009 WWW. linuxj ournal.com 















the default startup list to ensure that your newly gained access 
lasts past your next reboot. Head to /etc/inittab, and add the 
following after the system startup section: 

# start a few good daemons 
: : sysinit:/usr/sbin/sshd 

After making your changes, make sure they have been 
written to disk by doing a "sync", and fix a few details of your 
user account, such as granting yourself a home directory and 
possibly a lowercase user name. Do all your/etc/passwd and 
/etc/shadow housekeeping before rebooting to verify that the 
SSH daemon is now spawning by default and that your user 
accounts are working as intended. 

GRAND TOUR 

You're past the most difficult point; now you can proceed to 
explore the system and tweak it to your heart's content. Unless 
you plan to use the MioNet service, some recommend switch¬ 
ing its daemon off, as it is a Java process that weighs on both 
CPU and RAM. As the MioNet service enables wide-area file 
sharing, I elected to turn off the service, but to do so cleanly, 
in case I decided I needed the functionality after all. Edit 
/etc/init.d/post_network_start.sh, and comment out line 17 
of the script: 

$SCRIPTS_PATH/crond.sh start 

# $SCRIPTS_PATH/mionet.sh start 
touch $POST_NETWORK_STARTED_FILE 


This stops the daemon from being spawned automatically 
at boot, but if you need its services, you can start it up from 
the Shared Storage Manager interface (General Setup^WD 
Anywhere Access) as needed, giving you the best of both worlds. 

The system is built around a 2.6.17.14 kernel, with 
BusyBox centralizing many of the command-line tools. There 
are no man pages, but the system is an otherwise reasonable 
minimal Linux instance, including the majority of the common 
management levers (ps, top, free, ifconfig, wget and so on) 
as well as a development toolchain with all the trimmings 
(gcc 3.4.2, gmake and so on), enabling you to build any 
software that may be missing. The mounts show a good 
picture of the device: 

# df -h 


Filesystem 

Si ze 

Used 

Avai 1 

Use% 

Mounted on 

rootfs 

2.8G 

277M 

2.4G 

11% 

/ 

/dev/root 

2.8G 

277M 

2.4G 

11% 

/ 

/dev/md3 

950M 

19M 

884M 

3% 

/var 

/dev/md4 

455G 

199M 

455G 

1% 

/shares/internal 


It also is worth mentioning that on the dual-drive unit, 
the system partitions are mirrored by default, regardless of 
the RAID state of the share space: 

# cat /proc/mdstat 
Personalities : [linear] [raidl] 
mdl : active raidl sdbl[l] sdal[0] 

2939776 blocks [2/2] [UU] 


SMALL, EFFICIENT COMPUTERS WITH PRE-INSTALLED UBUNTU. 


3677 Intel Core 2 Duo Mobile System 

Range of Intel-Based Mainboards Available 


GS-L08 Fan less Pico-ITX System Excellent for Mobile 8c Desktop Computing 

Ultra-Compact, Full-Featured Computer 
Excellent for Industrial Applications 



DISCOVER THE ADVANTAGE OF MINI-ITX. 


Selecting a complete, dedicated platform from us is simple: Pre¬ 
configured systems perfect for both business 8c desktop use, Linux 
development services, and a wealth of online resources. 


* ubuntu 

^ solution 
^ provider 


LOGIC 

SUPPLY 

www.logicsupply.com 

























FEATURE Hacking Your Portable Linux Server 


md2 : active raidl sdb2[l] sda2[0] 
104320 blocks [2/2] [UU] 

md3 : active raidl sdb3[l] sda3[0] 
987904 blocks [2/2] [UU] 

md4 : active linear sdb4[l] sda4[0] 
1945407104 blocks 64k rounding 

unused devices: <none> 


Another important detail is the behavior of the power but¬ 
ton: regulated by a small daemon also controlling the LEDs, it 
will bring the device down performing a proper reboot if 
pressed for two seconds, or it will cause a soft shutdown if 
held for four seconds—train yourself to recognize the light 
schemes by looking at the device when you issue software 
reboots (the device has a hard reset button on the back were 
it to become seriously wedged). Besides looking wicked cool, 
the LED rings visualize both disk activity and available disk 
space, as well as RAID failures, joining form and function. 

NETWORK AND DISCOVERY 

If you followed my advice to set the device name and work¬ 
group earlier, your hostname is taken care of already. The 
device boots in DHCP mode by default, which can be altered 
easily for those who want a tiny, power-conscious but rather 
homebound server at their disposal. I find the greatest promise 
of the WDMBII in its easy mobility, however, and that poses 
the question of how to recognize its location quickly in a new 
setting—nothing that a good bit of scripting cannot fix. 

Besides looking wicked cool, 
the LED rings visualize both 
disk activity and available disk 
space, as well as RAID failures, 
joining form and function. 

The first approach to this is to have the device notify you 
of its IP address as it boots. I personally leverage instant 
messaging for these sorts of system notifications and have an 
"automation" group in my contact list featuring several borg- 
looking avatars that are authorized to send me all manner of 
alerts when the situation warrants. The key to this script is the 
SendXMPP tool (see Resources), which provides the ability to 
send instant messages with ease from the console. SendXMPP 
carries a few Perl module dependencies that you need to 
download from the CPAN archive and build. Retrieve the 
tarfiles via wget, extract and follow the customary perl 
Makefile.PL; make; make i ns tall procedure as root—the 
CPAN shell does not seem to work in the strict RAM confines 
of the WDMBII. After building two or three modules, you 
will be able to include the following one-line wizardry in 
/etc/init.d/post_network_start.sh (line 20): 

# $SCRIPTS_PATH/mionet.sh start 


touch $POST_NETWORK_STARTED_FILE 


fi 


# Announce IP address of operation to admin 
0UT='ifconfig | grep -A2 "eth0"': \ 

echo -e "(lander) now operational: \n$0UT" \ 

I /usr/local/bin/sendxmpp -r lander-notifier \ 
-f /root/.sendxmpprc lucifred@]abber.org 


The script parses the current network configuration and 
sends it with appropriate text wrapping and an XMPP 
resource (-r) describing the device to one of my notification 
accounts. The user ID and password are retrieved from 
/root/.sendxmpprc (-f). Once the script is installed, the device 
will notify me of its IP address at every bootup in any network 
where DHCP is enabled and access to the Jabber server in 
question has not been restricted. The result message is very 
effective in allowing me to locate the device and possibly even 
troubleshoot occasional connectivity glitches: 


(lander) now operational: 
eth0 Link encap:Ethernet 

HWaddr 00:90:A9:15:DD:73 
inet addr:164.99.120.96 
Bcast:164.99.121.255 
Mask:255.255.254.0 

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:! 

This approach will serve most road warriors willing to put 
up with connecting to IP addresses. But, power users control¬ 
ling their own domains can do even better. By setting up a 
dynamic DNS subdomain, one can enable the device to update 
at boot a fully qualified domain name, valid to the Internet at 
large. The intricacies of DNS zone configuration are beyond 
the scope of this article, but the Perl script to leverage a 
properly configured domain remains relatively simple: 


# Variables to configure the script's operation 


my 

Shostname 

= 'ooga': 

# 

Device hostname 

my 

Sdomain 

= 'dynamic.booga.org.': 

# 

Domain name 

my 

Snameserver 

= 'nsl.booga.org': 

# 

Primary nameserver 




# 

for your zone 

my 

Skeyname 

= 'mdSkey': 

# 

Name of the key 

my 

$key 

= '5e64bAsE64BASE64Ba5E64==': 

# 

HMAC-MD5 TSIG key 

my 

Sinterface 

= 'eth0': 

# 

Interface whose IP 




# 

is to be published 


Refer to the Resources section of this article for a reference 
to the Web page where the author maintains the script. This 
more extensive solution makes our briefcase-friendly, quick¬ 
booting mini-server a full-fledged participant in the Internet. 

ADDING SERVICES 

The most obvious workload for our portable server is file¬ 
centric: well equipped with SMB support from Samba and NFS 
support built in to the kernel, as well as the lighttpd Web 
server and the rsync client, the system is ready to shine in this 
space. Enterprising users have built HOWTOs describing how 
to expand further the array of services to FTP and even 
BitTorrent, but I should not forget to mention that the system 


70 I july 2009 WWW. linuxj ournal.com 


has a healthy complement of essential daemons: ntp, cron and 
even Apple's mDNS are at your disposal out of the box. 

The built-in toolchain enables the compilation of packages 
natively, but cross-compilation also is a possibility for jobs 
requiring more RAM than the device has available. It is, 
however, possible to find prebuilt packages for a number of 
services, as the device shares the ARM core of many others, 
its closest cousin being the Gumstix micro-board (check the 
many Gumstix sites for suitable binaries before starting a 
large cross-compiled build). 

CONCLUSION 

The WD Mybook II World Edition is clearly a device warranting 
the attention of hardware hackers looking for a small, cheap, 
low-power platform on which to build their projects. Western 
Digital's wisdom in not stripping the system portion of the 
device should be recognized in that it has provided us with a 
wonderful target for our tinkering. Although sporting only 98 
BogoMIPS, its hardware has unusual capabilities (hardware 
AES encryption and native support for Java bytecode among 
them) that provide further application levers for our appli¬ 
ance-building projects. I introduced here the hardware, its 
capabilities, how to breach its security and how to enable 
it with top-class network configuration at bootup on 
nearly any network. I hope you, the reader, will follow me 
and others in this exploration of what our imaginations 
can make of this small hardware wonder.B 


Federico Lucifredi is the maintainer of “man” as well as the Systems Management Product 
Manager for the OpenSUSE and SUSE Linux Enterprise product lines at Novell. He loves to tinker 
with old hardware and huild contraptions that puzzle his colleagues. 


Resources 


Enabling SSH Access on MyBook World Edition, by Martin 
Hinner: martin.hinner.info/mybook/sshaccess.php 

How to Set Up My Book World Edition II, by Paul Henman: 

henman.livejournal.com/1161953.html 

SendXMPP: sendxmpp.platon.sk 

CPAN (Comprehensive Perl Archive Network): 

www.cpan.org 

Daemon-less Wide-Area DNS Update, by Federico Lucifredi: 

primates.ximian.com/~flucifredi/dns-update.html 

Using SSH and FTP on Western Digital MyBook Word, 
by Edouard Briere: www.nanalegumene.net/ 
using-ssh-and-ftp-on-western-digital-mybook-world 

BiTtorrent on Mybook World: done, by Edouard Briere: 

www.nanalegumene.net/ 

bittorrent-on-mybook-world-done 

Binaries for Gumstix Board: www.nslu2-linux.org/wiki/ 
Optware/Gumstix 


Need SERVERS NOW? 

Next Day GUARANTEED! 

Best PRICE GUARANTEED! 

|| (§j vmware 

_ 

CUSTOMIZABLE SERVER SOLUTIONS SINCE 1989 


CERTIFIED 


il2l 



1U AMD 16-Core Opteron System 

1U Rackmount Server with 1000W Power Supply 
AMD Quad/Dual Core Opteron 1000MHz CPU 
Up to 128GB DDRII 1333MHz ECC REG MEM 
nVidia MCP55 Pro 6-Port SATAN Controller 
Intel 82546 Dual-Port Gigabit Ethernet Controller 
3 X 3.5” Hot-Swap SATA Drive Bays 




STARTING AT: $1,286 


King Star 4 nodes in 2U System 


2U Rackmount Server with 1200W Power Supply 

Xeon Quad/Dual Core 1333MHz CPU 

Up to 48GB DDRII ECC REG MEM 

IPMI with KVM-Over_LAN support 

Intel 82576 Dual-Port Gigabit Ethernet Controller 

12 X 3.5” Hot-Swap SATA Drive Bays 

STARTING AT: $4,199 




King Star Nvidia Tesia Super Computing 

Tower Rackmount Server with 1350W Power Supply 
AMD Phenom Quad/Dual Core 1333MHz CPU 
Up to 16GB DDRII MEM 

nVidia Tesla High Performance Computing Card 
1 X 3.5” SATA Drive 


STARTING AT: $1 ,899 



STARTING AT: $1 ,996 


King Star 24TB Storage 4U System 

4U Rackmount Server with 800W Power Supply 
Xeon Quad/Dual Core 1333MHz CPU 
Up to 64GB DDRII FB-DIMM MEM 
LSI LOGIC MegaRaid SAS 84016E Adapter 
Intel 82563 Dual-Port Gigabit Ethernet Controller 
24 X 3.5” Hot-Swap SATA Drive Bays 


Call now to configure the RIGHT system for you! 

»Intel Premier Provider 

» Fast lead time. System ready in as soon as 2 days 
» Reliable and dependable systems, build with highest quality components 
» Our valued customers: Nokia, Intel, Juniper, Tivo... 


SUPERMICRI 

Free $100 
Gas Card 


Chevron 



If your system is not shipped the next business day! 

We are confident that you will get the best quote from us! 




Tel: (800) 875-8590 Fax:(408)736-4151 
Email: sales@kingstarusa.com 


KING STAR COMPUTER RuckmoMfit Sewcv SpeciuUst 


www.kingstarusa.com 1259 Reamwood Ave. Sunnyvale CA 94089 

























THE CONKEROR 
WEB BROWSER 
CONQUERS 
SMALL SCREENS 


Small screen? Crummy touchpad? Not a problem for Conkeror. 

DAVID A. HARDING 


onkeror is a Web browser with an Emacs-style look, 
feel and configuration. It uses Firefox's HTML render¬ 
ing engine and works with most Firefox extensions, 
but it provides a keyboard-driven interface and 
makes excellent use of screen space. It's a fitting Web 
browser for Netbooks with their imprecise touchpads and small 
screens. Conkeror uses the same free software license as Firefox. 



snapshot download. 

To put the Conkeror launcher in one of your regular 
executable directories so that you can start Conkeror from 
a command prompt or application launcher, create a 
symbolic link from the conkeror/contrib/run-conkeror file 
to one of your usual executable directories. For example: 

$ In -s /usr/local/share/lib/conkeror/contrib/run-conkeror \ 
/usr/local/bin/conkeror. 

If your distribution doesn't include Firefox, download 
XULRunner from Mozilla and unpack it into your usual 
software directory. Then, download a Conkeror snapshot 
and unpack it also into your usual software directory. See 
Resources for links to the downloads. 

You must perform an extra step to make the Conkeror 
launcher work. First, copy the xulrunner-stub file from the 
XULRunner directory into the Conkeror directory. Then, create 
a symbolic link from that file to one of your usual executable 
directories. For example: 



Figure 1. Conkeror Web Browser 

Installing Conkeror 

Users of Debian Lenny, Debian Sid and Ubuntu Jaunty should 
install the conkeror and conkeror-spawn-process-helper pack¬ 
ages. Users of other distributions should install the XULRunner 
package (xulruner-1.9 or xulrunner). If you installed the Firefox 
package, that package installed XULRunner for you. After 
you install XULRunner, download a Conkeror snapshot and 
unpack it into your usual software directory—you don't need 
to compile anything. See Resources for a link to the Conkeror 


$ cp /usr/local/share/lib/xulrunner-l.9/xulrunner-stub \ 
/usr/local/share/lib/conkeror/xulrunner-stub 
$ In -s /usr/local/share/lib/conkeror/xulrunner-stub \ 
/usr/local/bin/conkeror. 

Browsing the Web with Conkeror 

You don't need to configure Conkeror to get started; simply 
start the conkeror executable you installed. Conkeror's start 
page lists which keys perform which actions (keybindings). 
The first keybinding listed, g, goes to the URL you specify. For 
example, load the Linux Journal home page by pressing g and 


72 I july 2009 www.linuxjournal.com 




















typing linuxjournal. com. Follow links by clicking them, as 
you would do in Firefox, and press B to return to previous 
pages or F to advance to later pages. 

Return to the basic list of keybindings on the start page by 
pressing, C-h i. In Conkeror and Emacs, C- stands for, "hold 
Ctrl and press the next key". For example, C-h i stands for 
"hold Ctrl, press h, release Ctrl and h, and press i". Conkeror 
uses other Emacs keybinding abbreviations also: M- means 
hold the Meta key (the Alt key on PC keyboards and the 
Option key on Macintosh keyboards); S- means hold the Shift 
key. For a complete list of Conkeror keybindings, press C-h b. 

Although you can follow links by clicking them, you should 
learn to follow them using the keyboard to get the most 
out of Conkeror. To follow a link with the keyboard, press f. 
Conkeror places a small number next to each link (Figure 2), 
including link images. Enter a number to follow its link or 
type letters from the name of the link you want. As you 
type letters, Conkeror removes the numbers from links that 
don't match those letters and renumbers the remaining 
links. Even on a slow computer, this happens instantly. If 
only one link matches the letters you entered, Conkeror 
automatically follows it. 



Figure 2. Following Links in Conkeror 

For example, let's assume the three link names: foo, bar 
and baz. Typing f and 3 follows the third link, baz. Typing f 
and baz also follows the baz link. Typing f and b removes 
the number next to foo, so that you can press 1 to select 
bar or 2 to select baz. 

As in Firefox, you can start a search within Conkeror. 
Press g, type "google", type your search term, and press 
Return to go to the Google result for your search term. 
Replace "google" with "lucky" to go straight to the first 
Google result, or replace it with any of the following words 
to use another search engine: "wikipedia" "sourceforge" or 
"dictionary". When you search Google, Conkeror asks Google 
to guess what you're searching for and displays the best 
matching results in a list. Press Tab to select the top result, 
use the keyboard arrow keys to select an alternative result, 
or simply finish typing your search terms and press Enter. 
This also works for Wikipedia searches. 

Using Conkeror's Buffers 

Firefox uses tabs to keep separate Web pages in the same 
browser; Conkeror uses buffers to do the same thing. To open 
a link in a new buffer, press C-u f and select the link using the 


link-following instructions above. For example, say you're back 
on the page with the foo, bar and baz links. To open baz in a 
new window, press C-u f and type baz. Press C-u before any 
command that opens a Web page to load that page in a new 
buffer. For example, C-u g goes to a URL or loads a search 
result page in a new buffer, and C-u C-h i loads the start 
page in a new buffer. Also, links that try to open a new 
window will be opened in a new buffer. 

Return to the previous buffer by pressing M-p (Alt-p on 
PCs and Option-p on Macs); advance to the next buffer by 
pressing M-n. Press C-x b to display a list of open buffers 
(Figure 3). Each buffer in the list has a name—its URL plus its 
title. Select a buffer name from the list using the keyboard 
arrow keys or narrow the list by typing part of a buffer's 
name. Press Enter at any time to show the selected buffer. 



Figure 3. The Buffer List 

Close a buffer—in Conkeror's terminology, kill a buffer—by 
pressing C-x k to display the list of buffers. Select a buffer the 
same way you did above, and press Enter to kill it. Conkeror 
selects the current buffer by default, so you can kill it quickly 
by pressing C-x k <Enter>. When you close the last buffer, 
Conkeror exits. Close Conkeror and all its buffers automatically 
by pressing C-x C-c. 

Some Other Keybindings 

Power users of any Web browser often edit the URL to go to a 
different part of the Web site they're visiting. Press C-x C-v 
to edit the current URL in Conkeror. Combine this with C-u 
to open the modified URL in a new buffer: C-u C-x C-v. 

Bookmarking a URL in Conkeror lets you return to it using 
Tab completion when you change URLs. Press b to bookmark 
the current URL, choose a name for the bookmark (Conkeror 
fills in the page title by default), and press Enter. Press g to go 
to a new URL, type in a few letters from either the bookmark 
title or the bookmark URL, and press Tab. Conkeror shows 
you a list of bookmarks that match the letters you typed; 
use the keyboard arrow keys to select a bookmark and press 
Enter to go to it. 

Sometimes when you try bookmarking a page, Conkeror 
asks you to choose a frame. It places a number next to each 
frame on the page and lets you choose a frame by entering 
its number. If you want to bookmark the URL containing all 
the frames, enter the number 0. 

Access all of Conkeror's commands—even those that aren't 
bound to a keybinding—by pressing M-x, typing the command 


www.linuxjournal.com ju ly 2009 I 73 





























FEATURE The Conkeror Web Browser 


name and pressing Enter. Press Tab to complete any command 
name; for example, press M-x, type print, and press Tab to 
make Conkeror select the print-buffer command. If you press 
M-x and Tab without typing anything, Conkeror lists all of its 
commands. I suggest you review this list to get an idea of 
everything Conkeror can do. 

Conkeror's Modes 

Conkeror includes special scripts, called modes, that change 
its behavior on specific sites—for example, the simple XKCD 
mode for the xkcd.com comic-strip site. When you visit 
xkcd.com in Firefox, it displays the comic's title when you 
move your mouse over the image. When you visit xkcd.com in 
Conkeror, it activates XKCD mode (Figure 4) and displays the 
title below the image in a special font—you don't need to 
move your mouse over the image. 



Figure 4. XKCD Mode in Action 

The Gmail mode redefines many of Conkeror's default key- 
bindings so that you can use the default Gmail keybindings. 
Other modes include a Google Maps mode, a Reddit mode 
and a YouTube mode. 

When you visit a site that has a mode, for example Google 
Maps, Conkeror loads that site's mode. When you leave the 
site, Conkeror automatically unloads the mode. You can try 
using modes on other sites by loading the mode's command 
through the M-x menu. For example: M-x xkcd-mode. 

However, most modes don't make sense on alternative sites. 

Advanced Configuration, Advanced Features 

Firefox has a pretty Preferences configuration screen. Conkeror 
doesn't. But, you can change any browser setting in Conkeror 
on the abouticonfig page. Press g, type about: config, and 
press Enter to go to the page and double-click the settings you 
want to change. Conkeror shows changed settings in bold. 

Use the search bar that appears on the top of the page to find 
specific settings quickly. For example, enter proxy to find all 
the proxy settings. 

Although you can find and change settings easily in 
about:config, some users prefer a dynamic Emacs-style config¬ 
uration file. This file can change about:config settings, define 
keybindings, add new commands, load external modules and 
define events using JavaScript. You can turn any file into a 
Conkeror configuration file, but the file must exist before you 
try using it. For example, add the following line to the file 
.conkeror.rc to prevent Conkeror from displaying a warning 


message before showing the abouticonfig page: 
user_pref("general.warnOnAboutConfig", false) ; 

After creating the configuration file, you must tell 
Conkeror where to find it. Go to the Conkeror start page 
by pressing C-h i, scroll to the Conkeror RC File section, 
and enter the full pathname of the configuration file in 
the text box. For example, I entered the following text: 
/home/harding/.conkeror.rc. Press the Set RC File button. 
You need to do this only once. 

Just below the Set RC File button, Conkeror lists several 
example directives for you to put in your configuration file. For 
instance, one line tells Conkeror how to use a custom search 
engine when you press g. You also can add new commands 
and new keybindings to Conkeror. For more examples, follow 
the Conkeror Wiki link in the Resources section of this article. 

The next section tells you how to use Firefox extensions in 
Conkeror, but some Firefox extensions don't want to work 
with a browser that isn't named Firefox. Most Firefox 
extensions work in Conkeror if you tell the extension 
you're really using Firefox. I suggest you put the following 
line in your configuration file to make Conkeror ignore 
compatibility problems: 

user_pref("extens ions.checkCompatibinty", false); 

Using Firefox Extensions in Conkeror 

Most Firefox extensions work in Conkeror, but if you're used 
to Firefox extensions, installing an extension in Conkeror may 
feel like a step backward. First, find the extension on the 
Mozilla Web site (or another Web site), and download it to 
your computer. (Firefox extension filenames end in .xpi.) Then, 
press M-x, type extensions, and press Enter to start the 
extension manager. Choose the Extensions tab, click the Install 
button, use the file navigator to select the file you downloaded, 
and click Open. As in Firefox, you must restart Conkeror to 
load the extension. 

Using an External Editor 

Conkeror lets you edit HTML text boxes in an external text edi¬ 
tor—for example, Emacs (Figure 5). Conkeror copies the text 
box's contents to a temporary file, opens your text editor on 
the file and reads the changed file back into the text box 
when you close your editor. To use this feature, you must compile 
Conkeror's small helper program, conkeror-spawn-helper. (If 
you used the instructions above to install the two Conkeror 
packages in Debian or Ubuntu, you may skip this paragraph.) 
Go to the Conkeror source directory you installed and run 
the following command: make. You don't need to run 
make install, because make compiles the program in 
the directory Conkeror uses. 

Next, you need to tell Conkeror which text editor to use. 
Conkeror looks for the editor command in the $EDITOR 
environmental variable, but if $EDITOR isn't set, Conkeror 
starts Emacs. Most distributions let you set the $EDITOR 
variable by adding the following line to your -/.xsession 
and -/.xinitrc files: 

export EDIT0R=my_ed1tor 


74 I july 2009 WWW. linuxj ournal.com 











Figure 5. Editing a Wikipedia Article in Conkeror 


Conclusion 

I hesitated before trying Conkeror the first time. As a longtime vi 
user, I wasn't interested in anything based on Emacs. But, I did 
need a Web browser that could make the most of my Netbook's 
5"-tall screen and crummy touchpad. Conkeror fit the bill, and I 
tried it. It impressed me. Although Conkeror may seem complicat¬ 
ed in its sophistication, I spent most of my time going to pages, 
following links and editing text boxes—^three things Conkeror 
makes easy and quick. After I slowly learned to use its other fea¬ 
tures, I found no reason I shouldn't enjoy the advantages of an 
advanced keyboard-driven Web browser on my desktop as well.H 


David A. Harding lives in New Jersey and works as a freelance technology writer. He has a Linux 
Professional Institute system administration certification and can often he found organizing local 
GNU/Linux events. 


Replace my_edi tor above with the name of the editor 
you want to use—for example, for the graphical VIM editor, 
gvim; the GNOME editor, gedit; or the KDE editor, kate. 

If you want to use a console editor, prefix the environmen¬ 
tal variable's value with the name of a terminal emulator— 
for example: 

export EDITOR="xterm -e vim" 

However, if you use external editors in other programs, you 
may not want to do everything in a graphical editor. To make 
Conkeror alone start a specific editor, add the following line to 
your Conkeror RC file and don't set the $EDITOR variable: 

editor_shell_command = "my_editor"; 

After all that configuration, using the external editor 
should seem simple. Use the Tab key or the mouse to place 
the input cursor in a text box and press C-i. You can edit small 
boxes—for example, a box for your name—or large boxes— 
for example, the edit box in a Wikipedia article. Conkeror 
grays out the text box while you edit. When you finish editing 
by closing your text editor, Conkeror restores the original 
background color. 

Documentation 

The Conkeror start page links to its built-in tutorial, which you 
activate by pressing C-h t. The tutorial teaches you how to 
browse the Web with Conkeror. 

Similar to Emacs' help, Conkeror's help can describe its 
own commands. The C-h f keybinding describes commands, 
and the C-h k keybinding describes keybindings. For example, 
to find out what the print-buffer command does, type C-h f 
and print-buffer. Conkeror will tell you that, "print-buffer is 
an interactive command in commands.js [to] print the currently 
loaded page." Similarly, press C-h k and f, and Conkeror 
tells you "f is bound to the command follow in 
bindings/defau It/content-buffer/element.js." 

For complex problems, Conkeror can help you search its 
wiki. Press g, and type conkerorwi ki, and enter your search 
terms. Conkeror searches its wiki, which includes troubleshooting 
information and lots of ways to get the most out of Conkeror. 
Of course, you always can go directly to the Conkeror wiki 
using the link in Resources. 


Resources 


Conkeror Home Page and Wiki: conkeror.org 

Download Conkeror Snapshot: repo.or.ez/w/ 
conkeror.git?a=snapshot;h=master;sf=tgz 

Download Mozilla XULRunner: releases.mozilla.org/ 
pub/mozilla.org/xulrunner/releases/1.9.0.1/runtimes 


Low Cost Panel PC 

PPC-E7 

•Cirrus ARMS 200MHz CPU 

• 3 Serial Ports & SPki: 

• Open FrS^Dfiiirgin 
•3 USB 2.0 Host Ports 

• 10/100 Basel Ethernet 

• SSC-I2S Audio Interface 

• SD/MMC Flash Card Interface 

• Battery Backed Real Time Clock 

• Up to 64 MB Flash & 128 MB RAM 

• Linux with Eclipse IDE or WinCE 6.0 

• JTAG for Debuging with Real-Time Trace 

• WVGA (800 X 480) Resolution with 20 Accelerated Video 

• Four 12-Bit A/Ds, Two 16-Bit & One 32-Bit Timer/Counters 

Setting up a Panel PC can be a puzzling experience. However, 
the PPC-E7 Compact Panel PC comes ready to run with the 
Operating System installed on Flash Disk. Apply power and 
watch either the Linux X Windows or the Windows CE User 
Interface appear on the vivid color LCD. Interact with the PPC-E7 
using the responsive integrated touch-screen. Everything works 
out of the box, allowing you to concentrate on your application, 
rather than building and configuring device drivers. Just Write-lt 
and Run-lt. Starting at $495. 

For more info visit: www.emacinc.com/panel_pc/ppc_e7.htm 



2.6 Kernel 


Since 1985 


OVER 

23 

YEARS OF 



niAc 


me. 


' “SSSI Equipment Mon- 


ur\ nmu v/ummuL 


Phone: (618) 529-4525 • Fax: (618) 457-0110 • Web: www.emacinc.com 


www.linuxjournal.com ju ly 2009 I 75 






















INDEPTH 



Bug Labs: Hacks and Apps 

Use Bug Labs’ modular, open-source system for building devices and find out what 
you can do with a fully integrated device development platform, aliciagibb 


You may have read about Bug Labs, the open-source modu¬ 
lar gadget company, in Mike Diehl's article in the August 2008 
issue of Linux Journal (see Resources). We're back to tell you a 
bit more! In this article, I fill you in on some general information 
about BUG, including our latest news, and then provide some 
ideas about what you can do with BUG. 

BUG is a modular, open-source system for building devices. 
Four modules can be snapped into the BUGbase, which has 
an ARM 1136 MX31 embedded processor. BUG runs a 2.6.27 
version of the Linux kernel and a distribution customized from 
Poky Linux, which is derived from the OpenEmbedded distribution. 
OpenEmbedded is a distro specifically for embedded systems. 

It cross-compiles the JVM and other language runtimes. In 
addition, thousands of other packages (applications, libraries 
and so on) are available and can be compiled for BUG using 
the BitBake program. 

At BUG, open source doesn't mean only source code, but 
also flexibility and the power to choose. As Mike Diehl wrote 
in his previous article, it's easy to ssh into BUG. After logging 
in, you'll be at the BusyBox shell, and from there, you can 
get into the filesystem, install and run software, killall and 
more (though we don't recommend that last one). 

We want users to be able to choose the language they 
prefer, the interface they favor and the modules that accom¬ 
plish their goals. The modules currently for sale are the 
BUGview (full-color touchscreen LCD), BUGmotion (motion 
sensor/accelerometer), BUGIocate (GPS), BUGsound (audio) 
and BUGvonHippel (our breakout board with serial, general 
I/Os, I2C, SPI, DAC, ADC and more). BUGvonHippel was 
named after Dr Eric von Hippel of MIT for his contributions 
in the Open Source movement and his book called 
Democratizing Innovation. 

We want users to be able to 
choose the language they prefer, 
the interface they favor and the 
modules that accomplish their goals. 

Coming out in the next few months will be the BUGwifi 
(which also includes Bluetooth), BUGbee (802.15.4 protocol) 
and BUG3g GSM (3G), to be followed by the BUGprojector 
(pico) module. Additional specifications for our current 
modules are located on our Web site (see Resources). 

To connect all these modules and communicate with the 
kernel, we export I2C, SPI, UART, I2S, camera and display 
interfaces in our own BMI (Bug Module Interface) wrapper to 
make the device as flexible as possible. You then can put any 


module into any slot (and yes, they're hot-swappable), 
creating your own open-source gadget or prototyping 
platform, bottom-up style. 

BUGS are also flexible with what language you can use to 
code. We support Java, C, Python and Ruby on BUG, but you 
can write in any language you want, so let us know when 
you've got brainfork working. 

Although we encourage other languages, you also should 
be prepared to dig around for packages or write a few 
libraries. One of our developers recently wrote a tutorial on 
our Community Blog (see Resources) for building C/C++ 
programs on the BUG. This example uses a Python program 
called BitBake, along with build description files called 
recipes, to generate executable programs and other artifacts 
meant for a specific computer architecture. Recipes are the 
metadata about how a program is built and provide a way 
for all packages to be deployed consistently. Finally, this 
allows for the BitBake program to create an image containing 
the entire operating system. 

When installing new packages on BUG, you can use the 
ipkg program to install from BUG'S shell. Ipkg is analogous 
to yum or apt-get in other Linux distributions and provides 
a simple way of installing new software on BUG. We 
maintain a repository of programs for BUG on our Web 
site (see Resources). 

What else can you do with BUG? Technically speaking, 
you can do anything you want with a BUG; it's a fully pro¬ 
grammable embedded computer. We realize that's a little 
vague. Because BUG is open-source, imagine morphing 
any handheld device into your own open-source version 
running on Linux, allowing you more options than its 
closed-source counterpart. 

Another use is the ability to create hardware without 
having to solder or go through numerous manufacturing 
headaches. You can use the BUG as a prototyping system 
to create and re-create solutions to your problems. And, 
of course, you can create a new device that isn't available 
from your local Best Buy or Radio Shack. 

Our apps page (see Resources) includes Java apps uploaded 
by our community and the Bug Labs team. Looking through 
the current applications is the best way to get an idea of what 
can be done with BUG. Although many of these apps are 
proof of concept, these examples show off some of BUG'S 
possibilities. Finally, BUG has a growing community of users 
who have defined new BUG capabilities both within hardware 
and software. A handful of community members even have 
created their own modules, made with our schematics and 
CAD files found on our Resources and Documentation wiki 
(see Resources). 


76 I july 2009 www.linuxjournal.com 



1 


INDEPTH 


Each module has a Hello World app as well as many proof- 
of-concept applications. These are useful for seeing what each 
module is capable of. For example, BUGmotion can store the 
data it gets from three different axes (X, Y and Z) and detect 
motion in various programmable ranges. Simply by using this 
module with a BUGbase, you could program BUG and toss it 
into your luggage before a flight to chart the data from each 
axis as it gets jostled around. Keep in mind the rechargeable 
battery life is currently three to four hours without AC power. 

BUGview is useful, for example, if you'd like to check out a 
terminal directly on your BUG, although the keyboard is diffi¬ 
cult to type on without tiny fingers, so we recommend using a 
Bluetooth keyboard via the BUGwifi or USB via BUGvonHippel. 

You also can program BUGview to act as one large button 
that can send data to other modules and change color as 
feedback that the button has been pressed. 

BUGIocate can be used to gather data about wherever 
your BUG is or stowed in your car to monitor your teenager's 
driving patterns (though that seems a bit Big Brother for us). 

BUGsound can play files saved on the SD card. Coupled 
with the accelerometer, it can make different noises when held 
in different positions. Search for the Phunky app on our apps 
page for more details. 

BUGwifi opens up many options, from connecting different 
devices via Bluetooth to sending messages to your Twitter 
account when motion is sensed. 

BUGBg GSM also will broaden the horizons of data trans¬ 
ferring capabilities. Data can be sent to or from your phone or 
other devices. Imagine your doctor writing you a prescription 
on a BUG and having the data immediately sent to your 
patient file and your pharmacist—with encryption of course! 



Figure 1. Instant root Access in the BUG’S Terminal (Photo Credit: 
Brian Ballantine) 

A lot of interesting apps come about due to networking 
capabilities. BUG comes with its own Web server and allows 
you to query each module's data by accessing the correspond¬ 
ing Web service. For example, you can connect your BUG to 


your network, put http://10.10.10.10/service/picture (default IP 
address of BUG) in your browser, and see a JPEG format picture 
taken with BUGcamZMP. BUG uses RESTful Web services 
and HTTP operations to manipulate the resources it provides. 
Making data available in this way is important as applications 
rely more and more on different devices communicating. 

In addition to using the existing Web services, you can 
implement your own Web service or Web front end using Java 
servlets. For example, we recently made a BUGbot—BUG with 
wheels attached. We created a Web page served from the 
BUGbot that could control the direction and speed of the 
device. We then used the BUGbot to drive around the office 
snapping pictures. The BUGbot was easy to make. We 
attached a motor shield to the BUGvonHippel module, 
hooked that up to some wheels, put a tripod on the wheels 
and a BUG on the tripod. With the Wi-Fi module (BUGwifi) 
attached, this BUGbot also can upload the captured images 
to Flickr or Twitter. 

Many familiar libraries have been ported to BUG, allowing 
for the type of functionality you'd expect on any Linux 
machine. For example, the popular open-source computer 
vision library OpenCV runs on BUG. OpenCV allows for 


Do you take 

^^the computer doesn^t do that” 

as a personal challenge? 


So do we. 


LINUX 

JOURNAL 

Since 1994:The Original Monthly Magazine of the Linux Community 

Subscribe today at www.linuxjournal.com 


www.linuxjournal.com ju ly 2009 I 77 







INDEPTH 


r 


applications to gather and analyze data from images and video 
streams. With OpenCV, you can use BUG for blob detection 
and tracking for physical computing applications. OpenCV 
also enables BUG to do face, figure and motion detection 
for security applications. 

Our sysadmin at BUG got a SIP phone running on his BUG 
and wrote about the possibilities with IPv6 and BUG on our 
Community Blog: IPv6 allows for host-to-host communication. 
Host-to-host can mean BUG-to-BUG, PC-to-BUG, BUG-to-PC, 
BUG-to-(other device), (other device)-to-BUG, BUG-to-(some 
Web service) and, of course, (some Web service)-to-BUG. 
Maybe more. The BUG SIP phone consists of a BUG and the 
BUGvonHippel module with a headset attached through the 
USB port on the BUGvonHippel. To have a BUG SIP phone, 
you'll need a SIP software client, a SIP provider and the 
open-source Asterisk PBX. With enough network bandwidth, 
the quality is clear with little to no lag time. 

While we're on the topic of data communication, R-OSGi 
was created by Jan Rellermeyer and Michael Duller, and it 
stands for Remote OSGi. This application allows servers to 
connect via remote access transparently. Bundles are able to 
move through the network as if they were a local service. This 
application is not only important to BUG, but to the Java 
community as well. A Bug Labs developer used R-OSGi to create 
a camera app that could bind to any camera on the local 
network dynamically. R-OSGi allows this to occur in a general 
way, so that any application's dependencies can be provided 
transparently by another R-OSGi-speaking device. 

Music server is an application that uses BUGwifi and 
BUGsound. Music files are stored on the BUG'S miniSD card and 
can be accessed via an IP address. You can point your phone or 
another computer to the BUG'S IP address and choose a song to 
play from across the room or possibly (configured correctly), across 
the continent. Integrated audio/MP3 support doesn't exist in 
phoneME, so it uses madplay, a command-line MP3 player. Songs 
can be played directly through the audio module connected to 
speakers or headphones—the audio module contains a line-in, 
line-out, mic and headphone jack. 

Another useful app that was created by a member of our 
community is the GPSAIarmClock. This app is programmed 
to make a sound when a destination is reached rather than 
a certain time. This uses the PositionHelper class with an 
OSGi service to help with its accuracy. The GPSAIarmClock 
can be helpful if you have a long train commute or road trip 
(provided you're not driving). 

Chris Wade, an active community member also known as 
cmw, ported Quake to his BUG. He hacked it together using 
QuakeSDL. The full instructions are available on his Web site 
(see Resources), but it's as simple as downloading the binary 
and extracting it, then executing it. He recently added mx31 
support to QEMU, which allows us to run the BUG in a fully 
virtualized environment. Unfortunately, QuakeSDL doesn't 
support joysticks, so Wade took matters into his own hands 
by hacking the guitar from Guitar Hero to run as a joystick 
for Quake. Rumor has it Ms PacMan is coming next. 

Bug has been learning a lot from the Open Source commu¬ 
nity, so we understand the importance of giving back to that 


community. We give back in a few ways. We're active in the 
OpenEmbedded community, and our art director even created 
the new look for the OpenEmbedded Project. Our head of 
software is an Eclipse contributor, and many of our engineers 
participate in the Eclipse community. We expose and discuss all 
of our code (all available in our svn repository), projects and 
hacks openly in hope that someone else runs across answers 
to their questions. We open-source all the driver work we do, 
contribute code to the Concierge OSGi Project and submit 
defect reports for a number of open-source projects. We also 
have given back to various Linux project communities, such as 
the Linux wireless community Libertas. Many of our engineers 
can be found posting and responding to discussions about 
FOSS Java on ARM with topics on OpenJDK with Tarrent and 
the phoneME JVM in Jalimo. 

Another way Bug Labs gives back is through our Test 
Kitchen. This is a small electronics lab located at our 
office in New York, open to the public from 12pm-7pm, 
Monday-Friday. Folks are welcome to bring their own projects 
(whether it involves BUG or not), use the various microcon¬ 
trollers in the lab or just show up to play with a BUG. We also 
encourage groups like MakeiNYC and other similar groups to 
use the Test Kitchen for their events. The purpose of an open 
space for hacking and tinkering is to promote collaboration 
and creativity, share thoughts and learn from each other. We 
ask that you schedule a time when planning to come in by 
sending e-mail to alicia@buglabs.net. 

If you have any further questions about BUG, we're on 
IRC daily at #buglabs on Freenode. Our dev team is ready to 
help, and our community members probably will chime in 
with their advice as well. Check back with us often; updates 
occur regularly.* 


Bug Labs Team Member Alicia Gibb is a researcher and rapid prototyper. As Bug Lab’s 
Gadget Wrangler, sbe administers tbe Test Kitchen for exploring the innovations available 
with modular technology components. She recently took a UNIX class where the guy/girl 
ratio was 2:6. Back up. Reread. Girl Power! 


Resources 


"The BUG: a Linux-Based Hardware Mashup" by Mike Diehl, 
U, August 2008: www.linuxjournal.com/article/10125 

Bug Labs: buglabs.net 

BUG Community: community.buglabs.net 

BUGrepository: repo.buglabs.net 

BUG Wiki: buglabs.net/wiki 

Community Applications: buglabs.net/applications 

Quake on the BUG Base: bug.cmw.me 


78 I july 2009 www.linuxjournal.com 






Ut I NU I ICtU! 


With custom, temporary 
tattoos! Any image! 

5% Off With 
This Code: 

linuxjournal 

Great for conventions! 


StrayTats.com 




EtherDrive* 

The AFFORDABLE Network Storage 

Fiber Channel speeds at Ethernet prices 

^ rnPAirvV ® vmware* | partner 

ESX 3.5 compatible EtherDrive® HBA 


BEAGLE BOARDS & PERIPHERALS 

LOW-COST, NO FAN, SINGLE-BOARD COMPUTER 



AVAILABLE EXCLUSIVELY AT DIGI-KEY 

ffbeagleboard 


www.digikey.com 



ARMS System on 

Internet Appliance Engine 

•AtmelARM9 400MhzCPU 

• 10/100 Basel Ethernet 

• SD/MMC Flash Card Interface 

• 2 USB 2.0 Host Ports & 1 Device Port 

• 6 Serial Ports, 2 SPIs & Audio Interface 


Module 

SOM-9G20 


T he SoM-9G20 is the ideal processor engine for your next design. The System on 
Module (SoM) approach provides the flexibility of a fully customized product at a 
greatly reduced cost. Single unit pricing starts at $155. 



EMAC Linux 
2.6 Kernel 


clil^&incr] 

EquipmenI Monitor And Control 


Phone:(618) 529-4525 • Fax:(618)457-0110 • Web: www.emacinc.com 



American made Utility Kilts for Everyda y Wear 


com 


FOSSHealth 09 
unconference 


http://fosshealth. eventbrite. com 


Friday July 31 to 
Sunday, August 2 
in Houston, T.X 
Use registration code 
'Ijmag' for $100 off. 



www.linuxjournal.conn ju ly 2009 I 79 


LINUX JOURNAL MARKETPLACE 








































EOF 

A 


The Last Silos Standing 

Too many businesses still aren’t getting the clues from open code. 

DOC SEARLS 



For the many years I wrote Linux for 
Suits and the SuitWatch newsletter, 

I always insisted that Linux and busi¬ 
ness were joined by and logic rather 
than or. 

I still believe that's true. But, I also 
believe that many businesses—espe¬ 
cially the big ones—still don't get 
Linux, free software, open source or 
even the Internet itself. That's because 
they remain, in the immortal words of 
Walt Whitman, "demented with the 
mania of owning things". 

Oddly, the things they want to 
own most are not things at all, but 
customers. These companies still har¬ 
bor the illusion that customers can be 
"acquired" like slaves and "managed" 
like cattle. The nicest ranches for 
customers are politely called "walled 
gardens". I prefer an equally agricul¬ 
tural metaphor: silo. 

The definition of silo I like best is 
"a tall cylindrical structure, usually 
beside a barn, in which fodder is 
stored". (That's from the Free 
Dictionary.) Fodder, in the case of 
business, is customer data. That data 
includes specifics, such as name, 
address, purchase history and call 
records. It also might include cus¬ 
tomers' stated or inferred prefer¬ 
ences, status with the company 
(frequent flyer grades, for example) 
and other variables. 

The crowning irony of business 
silos is that they are built to maximize 
Bl (Business Intelligence), yet they are 
blind to how they're not working. 

This form of inward-gazing ignorance 
is familiar to techies who have 
watched many silos come down in 
the computing and networking fields. 
Mainframes, closed on-line services 
and proprietary e-mail systems all 
come to mind. The Internet and its 
open protocols killed all those things. 


yet the lessons remain lost on every 
business that continues to believe 
that good "intelligence" about what 
customers actually want can be 
found inside the company's customer 
data silo. 

For evidence I offer three exam¬ 
ples: call centers, loyalty cards and 
mobile phones. All three are shining 
examples of a form of architecture 
that has been discredited, if not 
defeated, by the successes of Linux, 
FOSS and the Internet. 

Look up "call center hell" in 
Google, and you'll get millions of 
results. (This morning, 8.65.) Two of 
the three top search results on Twitter 
are by people working in call centers. 
Most of these are "hold centers", 
because putting callers on hold is 
what they do best. Conversation is 
not their forte. If you ever reach a 
human being at the end of a choice 
maze, you too often interact with 
a script rather than a human being. 
After an accident involving my rental 
car a couple years ago, the woman at 
the other end of the line reacted to 
my anger at her uncooperativeness 
by admitting that her options were 
limited, literally, by a script. There 
were only certain things she was 
allowed to say or hear. When the 
conversation stepped outside those 
lines—as it had to, since the accident 
was novel in several ways—both of us 
went nonlinear. The call crashed as 
badly as the four cars (including one 
cop car) involved in the pile-up. 

Loyalty cards are the silliest thing 
since Green Stamps. By the middle 
of the last century, nearly every store 
gave away green stamps, achieving 
zero differentiation from every other 
store and adding friction to the entire 
economy in the process. Today, instead 
of collecting stamps and sticking them 


in books (to redeem later for a crappy 
grill or something), we collect cards 
that fatten our wallets without making 
us richer. Loyalty cards require retailers 
to maintain dual pricing for merchan¬ 
dise and add friction at the checkout 
counter, where too often the only 
benefit to the customer is a coupon 
for something they just bought. 
Worse, loyalty programs can't tell 
when or why people don't shop at a 
store. My family likes to shop at Trader 
Joe's, because that store avoids the 
hassles of both loyalty cards and 
coupons. There is nothing in other 
stores' loyalty programs that welcomes 
hearing this useful information. 

Perhaps the worst business silos 
are the Siamese ones formed by cell¬ 
phone equipment makers and carriers. 
Although PCs—even closed ones with 
Apple and Microsoft operating sys¬ 
tems—are open to endless varieties of 
third-party applications, we see noth¬ 
ing of the sort from the cell-phone 
business, with the notable exception 
of the iPhone, which is (as I write this) 
enjoying its billionth application down¬ 
load. That download, of course, will 
come from exactly one source: Apple's 
iTunes. One might consider this a step 
in the right direction—it's kind of like 
the one Windows 95 took by making 
it easy for countless developers to 
write applications that would run 
on even-more-countless PCs. The 
next step, however, has to come 
from outside the silos of both the 
equipment makers and the phone 
system carriers. More eyes make bugs 
shallower, as we say. 

Time to debug some business silos. ■ 


Doc Searls is Senior Editor of Linux Journal. He is also a 
fellow with the Berkman Center for Internet and Society at 
Harvard University and the Center for Information Technology 
and Society at UC Santa Barbara. 


80 I july 2009 www.linuxjournal.com 



You know one hour of downtime 
is a big deal. Make sure your hosting 
provider does, too. 




PI n^vFn 

WILL RETURN 

ULUOtU 

SERVICE UNAVAILABLE 

• 


Your E-commerce concerns center around availability, security, 
compliance and scalability. Our responsibility as Linux hosting 
experts is to help you eliminate those worries when it comes to the 
hosting infrastructure behind your site. Bottom line — if your 
E-commerce site needs to be online and stay online, it needs to be 
hosted at Rackspace. 

With our 200 RHCEs, we have the expertise and support to keep you 
online all of the time. And we understand the stakes — your reputation 
and revenue can suffer drastically from even a few minutes of 
downtime. You need to be up and running under any circumstances. 

We work around the clock to make sure you are. 





^ redhat 


HOSTING PARTNER 






AMDH 


rackspace.com/linuxjournal • 888-571-8976 | experience fanatical support 


rackspace 


0 


HOSTING 





More GFLOPS 
Less WATTS 


InteP Nehalem is here! 

Higher Memory Bandwidth with DDRS and QPI 
Clusters and Servers Consume Less Power 


Four Servers in a 2U Chassis with all Hot-Swap: 

► 1200 Watt 1+1 supply, 12 Drives, and Server Modules! 


FasTree™ ConnectX® QDR and DDR InfiniBand 
Switches and HCAs 


Intel Professional Compiler Suite and Cluster Toolkit 

► Version 11 with Nehalem Enhancements 

► Academic Pricing Available 


Configure your next Cluster today! 

www.microway.com/quickquote 





t ■ r . '"l 

-^Vg— 

f — 1 


4’.g- 


.:,F 




■h- 


-i + 

: 



: 

l.t 

-ii.g 


■ LJ. 

L.t --L 

-ii ,g 

Z,t- 

■ L,f 

_ ! • r . 

”7' i 

- LA. ' ' 



i .f i. 



-LA ""7. 



GPU Computing 


WhisperStation™ 

With 1 to 4 Tesla GPUs 

Tesla C1060 GPU Performance: 

► 1 TFLOPS per GPU 
MGB DDR3 per GPU 

► 102 GB/Sec Bandwidth 

► CUDASDK 

Run MATLAB« on Tesla with "Jacket" 



Clusters with Tesla " 

SI070 - 4 GPU Servers 

► 36 GPUs + 36 CPUs + 24 TB in 24U 

► 40 Gbps FasTree™ InfiniBand 

► InfiniScope™ Network Monitoring 





Technology you can count ow^ 



508 - 746-7341 

microway.com 


GSA Schedule 
Q Q A Contract Number 
GS-35F-0431N 








